CVE-2026-31831

Summary

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.

Affected Software

VendorProductVersion RangeStatus
TautulliTautulli< 2.17.0affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References