Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 10:25 p.m.3 views

CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:25 p.m.4 views

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/14 10:25 p.m.5 views

EUVD-2026-22766

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 10:25 p.m.9 views

CVE-2026-35032

Jellyfin (pre-10.11.7) has a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts) where tuner URLs aren’t validated, enabling local file reads via non-HTTP paths and SSRF via HTTP URLs. Exploitation is possible by any authenticated user because EnableLiveTvManagement def...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder