Jellyfin · Jellyfin · CVE-2021-21402
**Name of the Vulnerable Software and Affected Versions**
Jellyfin versions prior to 10.7.1
**Description**
The issue allows arbitrary file read from a Jellyfin server's file system through specially crafted requests to certain API endpoints. This is more prevalent when Windows is used as the host OS. Servers exposed to the public Internet are potentially at risk.
**Recommendations**
For versions prior to 10.7.1, update to version 10.7.1 as soon as possible. As a temporary workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem.