Description
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
Published: 2026-04-14
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Arbitrary File Read
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to inject malicious arguments into the ffmpeg command line through the StreamOptions query parameter, enabling arbitrary read of server files such as /etc/shadow. Because the payload is rendered as text in the video stream response, an attacker can exfiltrate sensitive data without needing to capture the stream output separately. The flaw is a consequence of missing authorization checks and unsanitized input handling, making it a severe confidentiality breach.

Affected Systems

The affected product is Jellyfin, the open-source media server. Versions before 10.11.7 are vulnerable; the issue was corrected in release 10.11.7. The exploit relies on the /Videos/{itemId}/stream endpoint, which lacks an Authorize attribute and accepts any lowercase query parameter without validation. Users who can obtain item GUIDs (typically authenticated) can use them to target specific media items.

Risk and Exploitability

The CVSS base score is 9.3, indicating critical severity. EPSS is not available, so current exploitation probability cannot be quantified. The vulnerability is not listed in CISA's KEV catalog. Attackers can reach the vulnerable endpoint over the network, assuming the server is exposed. Since the endpoint accepts arbitrary query parameters, an unauthenticated attacker can craft requests to read arbitrary files by embedding a drawtext filter that references a textfile argument. The absence of authentication for the stream endpoint makes exploitation possible without needing user credentials, though obtaining GUIDs still requires authentication. The risk is therefore high, pending the availability of a patch or mitigation.

Generated by OpenCVE AI on April 14, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Jellyfin to version 10.11.7 or later
  • Restrict access to the /Videos/{itemId}/stream endpoint with firewall or application-level ACLs
  • Enforce authentication or authorization on the stream endpoint before processing StreamOptions

Generated by OpenCVE AI on April 14, 2026 at 23:20 UTC.
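As an added detection example (not OpenCVE's output and not Jellyfin's code), the following Python script does two things a defender would want for this advisory: it scans access-log lines for requests to the unauthenticated /Videos/{itemId}/stream endpoint whose query string carries the indicators the advisory names (a drawtext filter or a textfile argument, or ffmpeg filter-option syntax in a value), and it shows an allowlist-style stream-option parser of the kind the fix requires, where only known keys with strictly matching values are accepted instead of every lowercase parameter. The combined-style log format, the allowed option set and its value patterns, and the sample log lines are all assumptions constructed for the example.

```python
"""Added example for CVE-2026-35033: log-based detection plus an allowlist
option parser. Not OpenCVE's or Jellyfin's code; formats are assumed."""
import re
from urllib.parse import parse_qsl, urlsplit

# Combined-log-style access line (assumed format; adjust to your proxy).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The endpoint named in the advisory; item ids are 32-hex GUIDs (dashed or not).
STREAM_PATH_RE = re.compile(
    r"^/Videos/(?:[0-9a-fA-F]{32}|[0-9a-fA-F-]{36})/stream(?:\.[A-Za-z0-9]+)?$"
)

# Indicators taken from the advisory text.
INJECTION_INDICATORS = ("drawtext", "textfile")


def suspicious_params(query: str) -> list:
    """Return (key, value, reason) for query parameters that look like ffmpeg
    filter/argument injection. parse_qsl percent-decodes values for us."""
    findings = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        lowered = value.lower()
        if any(ind in lowered for ind in INJECTION_INDICATORS):
            findings.append((key, value, "injection indicator"))
        elif "=" in value and ":" in value:
            # Heuristic: "opt=val:opt2=val2" is ffmpeg filter-option syntax and
            # has no place in a plain stream-option value.
            findings.append((key, value, "filter option syntax"))
    return findings


def scan_log(lines) -> list:
    """Return one alert per stream-endpoint request with suspicious parameters."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not STREAM_PATH_RE.match(parts.path):
            continue
        findings = suspicious_params(parts.query)
        if findings:
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"),
                           "path": parts.path, "findings": findings})
    return alerts


# Allowlist of option keys with a strict value pattern each. This set is an
# assumption for the example; the real option set is larger.
ALLOWED_OPTIONS = {
    "level": re.compile(r"\d{1,2}(?:\.\d)?"),   # e.g. 41 or 4.1
    "profile": re.compile(r"[a-z0-9]+"),        # e.g. high, main
}


def parse_stream_options_strict(query: str):
    """Mitigation principle: accept only known keys whose value fully matches
    its pattern; everything else is rejected and never reaches a command line."""
    accepted, rejected = {}, []
    for key, value in parse_qsl(query, keep_blank_values=True):
        pattern = ALLOWED_OPTIONS.get(key.lower())
        if pattern is None or not pattern.fullmatch(value):
            rejected.append(key)
        else:
            accepted[key.lower()] = value
    return accepted, rejected


# Constructed sample lines: one benign stream request, one carrying the
# advisory's indicators (placeholder value), one unrelated endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Apr/2026:23:20:01 +0000] "GET /Videos/1a2b3c4d5e6f47a8b9c0d1e2f3a4b5c6/stream?Static=true&VideoCodec=h264&level=41 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [14/Apr/2026:23:21:15 +0000] "GET /Videos/1a2b3c4d5e6f47a8b9c0d1e2f3a4b5c6/stream?level=x%2Cdrawtext%3Dtextfile%3DPLACEHOLDER HTTP/1.1" 200 2048',
    '192.0.2.9 - - [14/Apr/2026:23:22:30 +0000] "GET /Items?searchTerm=drawtext HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['path']} -> {alert['findings']}")
    print(parse_stream_options_strict("level=41&profile=high"))
    print(parse_stream_options_strict("level=x%2Cdrawtext%3Dtextfile%3DPLACEHOLDER&foo=bar"))
```

The scanner only raises on the stream endpoint, so the same indicator in an unrelated search request is ignored; the strict parser rejects unknown keys outright rather than passing them through, which is the property the advisory says ParseStreamOptions lacked.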


Advisories

No advisories yet.

History

Thu, 23 Apr 2026 14:15:00 +0000

Type    | Values Removed | Values Added
CPEs    |                | cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*
Metrics |                | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Wed, 15 Apr 2026 14:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 14:00:00 +0000

Type               | Values Removed | Values Added
First Time appeared |               | Jellyfin; Jellyfin jellyfin
Vendors & Products  |               | Jellyfin; Jellyfin jellyfin

Tue, 14 Apr 2026 22:45:00 +0000

Type        | Values Removed | Values Added
Description |                | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
Title       |                | Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection
Weaknesses  |                | CWE-862; CWE-88
References  |                |
Metrics     |                | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-15T13:36:26.787Z

Reserved: 2026-03-31T21:06:06.427Z

Link: CVE-2026-35033

Vulnrichment

Updated: 2026-04-15T13:36:23.253Z

NVD

Status : Analyzed

Published: 2026-04-14T23:16:28.817

Modified: 2026-04-23T14:02:45.350

Link: CVE-2026-35033

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:31:57Z

Weaknesses