PT-2026-28791 · Tautulli+1 · Tautulli+1

Mandreko · Published: 2026-03-28 · Updated: 2026-03-31 · CVE-2026-32275

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Tautulli versions 1.3.10 through 2.16.9

Description: Tautulli, a Python-based monitoring tool for Plex Media Server, contains a flaw caused by an unsanitized JSONP callback parameter. This allows cross-origin script injection and potential theft of API keys. Exploitation of this issue could lead to unauthorized access to and control of the Plex Media Server through the compromised API key.

Recommendations: Update to version 2.17.0 or later.
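
The flaw class described above, shown as an added example that is not part of the advisory and is not Tautulli's code: a JSONP wrapper that echoes the callback unchanged, next to one that only accepts a strict identifier. The function names, length limit and sample inputs are assumptions made for illustration.

```python
import json
import re

# Allow-list: a dotted JavaScript identifier path, ASCII only.
_CALLBACK_RE = re.compile(r"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*", re.ASCII)
MAX_CALLBACK_LEN = 64  # assumed limit, not taken from the advisory


def jsonp_unsafe(callback, payload):
    """Flawed pattern: the request-supplied callback is echoed into script as-is."""
    return f"{callback}({json.dumps(payload)});"


def jsonp_safe(callback, payload):
    """Return (content_type, body); reject any callback that is not an identifier."""
    body = json.dumps(payload)  # ensure_ascii=True also escapes U+2028/U+2029
    if callback is None:
        # No callback requested: serve plain JSON, which is not executable script.
        return "application/json", body
    if len(callback) > MAX_CALLBACK_LEN or not _CALLBACK_RE.fullmatch(callback):
        raise ValueError("invalid JSONP callback name")
    # Keep "</script>" inside the data from closing an enclosing script element.
    body = body.replace("<", "\\u003c")
    # The leading comment keeps the callback name off the first bytes of the body.
    return "application/javascript", f"/**/{callback}({body});"


def classify(samples):
    """Map each constructed callback value to 'accepted' or 'rejected'."""
    result = {}
    for name in samples:
        try:
            jsonp_safe(name, {"ok": True})
            result[name] = "accepted"
        except ValueError:
            result[name] = "rejected"
    return result


# Constructed sample inputs, not taken from any real request.
SAMPLES = ["jQuery17_123", "app.handlers.onData", "cb;alert(1)//", "a..b", "cb\n"]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name!r}: {verdict}")
```

Validation only constrains what the response can execute; an endpoint that returns secrets such as an API key should not be reachable through JSONP at all.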

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2026-32275
GHSA-95MG-WPQW-9QXH

Affected Products

Plex Media Server
Tautulli