3 matches found
CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the streval function in notificationhandler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.conames of the...
CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the streval function in notificationhandler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.conames of the...
CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the streval function in notificationhandler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.conames of the...