Futo

Immich

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-35455

Exploit
  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 18:31:27
  • Zuletzt bearbeitet 15.04.2026 18:38:01

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other use...

7.5

CVE-2026-25118

Exploit
  • EPSS 0.09%
  • Veröffentlicht 03.04.2026 15:51:07
  • Zuletzt bearbeitet 15.04.2026 18:38:04

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the ap...

8.8

CVE-2026-23896

Exploit
  • EPSS 0.05%
  • Veröffentlicht 29.01.2026 17:12:43
  • Zuletzt bearbeitet 15.04.2026 18:55:12

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative acc...