4 matches found
CVE-2026-28505
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval function in notification_handler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the...
CVE-2026-28505
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval function in notification_handler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the...
EUVD-2026-17184
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval function in notification_handler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the...
CVE-2026-28505
CVE-2026-28505 affects Tautulli prior to version 2.17.0. The root cause is a flawed sandbox in notification_handler.py: the str_eval() sandbox inspects code.co_names, but nested lambda expressions create code objects whose attributes appear in code.co_consts, allowing bypass of the whitelist. Thi...