5.4

CVE-2026-27792

EPSS 0.01%
Veröffentlicht 27.02.2026 19:33:18
Zuletzt bearbeitet 04.03.2026 16:49:30
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Seerr ≫ Seerr Version >= 2.7.0 < 3.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/seerr-team/seerr/releases/tag/v3.1.0

Product

Release Notes

https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f

Vendor Advisory

https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-27792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27792

EUVD