CVE-2026-31831

Published: Mar 30, 2026 Last Modified: Mar 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.

Relative Path Traversal

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Based

View CWE Details

https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0

https://github.com/Tautulli/Tautulli/security/advisories/GH…

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-xp55-2pf4-fv8m

CVE-2026-31831

Description

Relative Path Traversal

Common Consequences

Applicable Platforms

Iscriviti alla newsletter