CVE-2026-27792

EPSS 0.22%
Veröffentlicht 27.02.2026 19:33:18
Zuletzt bearbeitet 04.03.2026 16:49:30
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Seerr missing authentication on pushSubscription endpoints

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Seerr ≫ Seerr Version >= 2.7.0 < 3.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.117

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/seerr-team/seerr/releases/tag/v3.1.0

Product

Release Notes

https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f

Vendor Advisory

https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-27792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27792

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27792