CVE-2026-40605

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and service disruption. Version 2.17.1 fixes the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-73

Related Identifiers

CVE-2026-40605

Affected Products

Tautulli

CVE-2026-40605

Weakness Enumeration

Related Identifiers

Affected Products

References · 3