6 matches found
CVE-2026-48793
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...
CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...
CVE-2026-35033
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...
EUVD-2026-22768
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...
PT-2026-32958
Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description An unauthenticated arbitrary file read is possible via ffmpeg argument injection through the query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds lowercase...
PT-2025-16473 · Jellyfin +1 · Jellyfin +1
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.10.7 Description: Jellyfin is an open source self-hosted media server. The issue concerns argument injection in FFmpeg, which can potentially lead to remote code execution by anyone with credentials to a...