CVE-2026-40096
- EPSS 0.21%
- Veröffentlicht 14.04.2026 23:54:17
- Zuletzt bearbeitet 23.04.2026 15:26:12
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.serv...
CVE-2026-35455
- EPSS 0.23%
- Veröffentlicht 08.04.2026 18:31:27
- Zuletzt bearbeitet 15.04.2026 18:38:01
immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other use...
CVE-2026-25118
- EPSS 0.45%
- Veröffentlicht 03.04.2026 15:51:07
- Zuletzt bearbeitet 15.04.2026 18:38:04
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the ap...
CVE-2026-23896
- EPSS 0.3%
- Veröffentlicht 29.01.2026 17:12:43
- Zuletzt bearbeitet 15.04.2026 18:55:12
immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative acc...