PT-2026-28790 · Tautulli+1 · Tautulli+1
Jakeperalta7 · Published 2026-03-28 · Updated 2026-03-31
CVE-2026-31831
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Tautulli versions prior to 2.17.0
Description
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is susceptible to a path traversal issue. This allows unauthenticated attackers to read arbitrary files from the application server's filesystem. The vulnerable parameter is not explicitly mentioned.
Recommendations
Update to Tautulli version 2.17.0 or later.
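For instances that ran a version prior to 2.17.0, the following added example (not part of the advisory and not Tautulli code) scans web or reverse-proxy access logs for requests to the affected endpoint that carry parent-directory segments. The combined log format, the helper names and the sample entries are assumptions; because the advisory does not name the vulnerable parameter, the whole request target is inspected.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory; everything else here is an assumption.
ENDPOINT = "/newsletter/image/images"

# Request line and status inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def fully_decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_suspicious(target):
    """True if a request to ENDPOINT carries a parent-directory segment."""
    decoded = fully_decode(target).replace("\\", "/")
    idx = decoded.find(ENDPOINT)  # tolerate a base-path prefix from a proxy
    if idx < 0:
        return False
    remainder = decoded[idx + len(ENDPOINT):]
    # Split on path and query delimiters: the file name could travel in
    # either place, and the advisory does not say which.
    return ".." in re.split(r"[/?&=;]", remainder)


def scan(lines):
    """Return (client, status, target) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append((line.split(" ", 1)[0], int(m.group("status")), m.group("target")))
    return hits


# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Mar/2026:10:01:02 +0000] "GET /newsletter/image/images/header.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Mar/2026:10:01:05 +0000] "GET /newsletter/image/images/..%2f..%2fexample.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [28/Mar/2026:10:01:06 +0000] "GET /newsletter/image/images/%252e%252e/%252e%252e/x HTTP/1.1" 404 0',
    '198.51.100.4 - - [28/Mar/2026:10:02:00 +0000] "GET /home?note=a..b HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits that returned a 200 status deserve review first, since the endpoint requires no authentication and a successful response may mean file contents were disclosed.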
Exploit
Fix
Relative Path Traversal
Affected Products
Plex Media Server
Tautulli