Browse all 14 CVE security advisories affecting jellyfin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Jellyfin serves as an open-source media server for organizing and streaming personal content across devices. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control issues. The project maintains a moderate CVE count of 14, with notable incidents including authentication bypass flaws in earlier versions and information disclosure through API endpoints. While the project addresses vulnerabilities through regular updates, users should implement network segmentation and access controls to mitigate risks, as the software's broad functionality surface area continues to present security challenges.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-31852 | Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation — code-quality.ymlCWE-269 | 10.0 | Critical | 2026-03-11 |
This page lists every published CVE security advisory associated with jellyfin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.