A vulnerability, which was classified as critical , has been found in advplyr audiobookshelf up to 2.33.1 . This affects an unknown function of the file server/controllers/PodcastController.js of the component Podcast Creation Endpoint . The manipulation leads to path traversal. This vulnerability is traded as CVE-2026-42888 . It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.