← volver
CVE-2026-40605

Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API

CVSS 5.7 MEDIUMEPSS 0.3%CWE-22CWE-73
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and service disruption. Version 2.17.1 fixes the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
Tautulli · Tautulli

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Tautulli/Tautulli/releases/tag/v2.17.1https://github.com/Tautulli/Tautulli/security/advisories/GHSA-fg46-xx7h-mhwr