4 matches found
CVE-2026-35034
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...
CVE-2026-35034
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...
CVE-2026-35034
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...
CVE-2026-35034
CVE-2026-35034 affects Jellyfin before 10.11.7, where an authenticated user can abuse the SyncPlay group creation endpoint (POST /SyncPlay/New) due to insufficient input validation. By sending large payloads (with arbitrary group IDs), an attacker can cause high memory usage and lock out other cl...