PT-2026-28790 · Tautulli+1 · Tautulli+1
Jakeperalta7
Published: 2026-03-28 · Updated: 2026-03-31
CVE-2026-31831
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Tautulli versions prior to 2.17.0
Description
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is susceptible to a path traversal issue. This allows unauthenticated attackers to read arbitrary files from the application server’s filesystem. The vulnerable parameter is not explicitly mentioned.
Recommendations
Update to Tautulli version 2.17.0 or later.
Relative Path Traversal
Weakness Enumeration
Related Identifiers
Affected Products
Plex Media Server
Tautulli