PT-2026-22381 · Seerr+3 · Seerr+3
Gauthier-Th
·
Publicado
2026-02-27
·
Atualizado
2026-03-04
·
CVE-2026-27792
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Seerr versions prior to 3.1.0
Description
Seerr, an open-source media request and discovery manager for Jellyfin, Plex, and Emby, contains a flaw where authenticated users can access and modify data belonging to other users. This is due to the lack of the
isOwnProfileOrAdmin() middleware on certain push subscription API routes.Recommendations
Update to version 3.1.0 or later.
Exploit
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Emby
Jellyfin
Plex
Seerr