CVE-2026-27792 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the appli…
Medium CVSS: 5.4

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.
Vendor
Seerr
Product
Seerr
CWE
CWE-862
Yayın Tarihi
2026-02-27 20:21:39
Güncelleme
2026-03-04 16:49:30
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-862 Seerr MEDIUM Seerr 2026

Referanslar

https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1 https://github.com/seerr-team/seerr/releases/tag/v3.1.0 https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f