Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tautulli — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting Tautulli. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tautulli serves as a monitoring and analytics tool for Plex Media Server, providing insights into user activity and media consumption. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the presence of nine CVEs indicates potential risks in deployment. The application's web interface and API endpoints have been common targets, with issues ranging from information disclosure to complete system compromise when deployed with default settings or outdated versions. Proper hardening and regular updates remain critical for secure operation.

Top products by Tautulli: Tautulli
CVE IDTitleCVSSSeverityPublished
CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft — TautulliCWE-79 7.6 -2026-03-30
CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters — TautulliCWE-89 4.9 Medium2026-03-30
CVE-2026-31831 Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint — TautulliCWE-23 7.5 -2026-03-30
CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server — TautulliCWE-918 4.0 Medium2026-03-30
CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check — TautulliCWE-94 9.8 -2026-03-30
CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection — TautulliCWE-78 8.1 High2025-09-09
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent — TautulliCWE-73 9.1 Critical2025-09-09
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` — TautulliCWE-27 8.6 High2025-09-09
CVE-2025-58760 Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint — TautulliCWE-23 8.6 High2025-09-09

This page lists every published CVE security advisory associated with Tautulli. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.