Seerr · Seerr · CVE-2026-27792
**Name of the Vulnerable Software and Affected Versions**
Seerr versions prior to 3.1.0
**Description**
Seerr, an open-source media request and discovery manager for Jellyfin, Plex, and Emby, contains a flaw where authenticated users can access and modify data belonging to other users. This is due to the lack of the `isOwnProfileOrAdmin()` middleware on certain push subscription API routes.
**Recommendations**
Update to version 3.1.0 or later.