CVE-2020-26948

Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.5.0

Description The issue allows for Server-Side Request Forgery (SSRF) via the ImageURL parameter in the Items/RemoteSearch/Image endpoint. This means an attacker could potentially force the server to make unintended requests to internal or external resources.

Recommendations For Emby Server versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Items/RemoteSearch/Image endpoint or avoiding the use of the ImageURL parameter until the update is applied.