CVE-2026-40605
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CWE: CWE-22, CWE-73
Description
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and service disruption. Version 2.17.1 fixes the issue.
Source: NVD
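A containment check for the class of bug described above (CWE-22/CWE-73 on a delete operation), as an added example: it is not Tautulli's code or its 2.17.1 fix. The function names, the `folder` parameter and the directory layout are assumptions made for illustration, and the inputs are constructed.

```python
import os
import shutil
import tempfile

class UnsafeCachePath(ValueError):
    """The requested folder does not resolve strictly inside the cache root."""

def resolve_cache_subdir(cache_root, folder):
    """Return the real path of `folder` under `cache_root`, or raise."""
    root = os.path.realpath(cache_root)
    # join() drops `root` when `folder` is absolute; realpath() collapses ".."
    # and follows symlinks, so the comparison is made on the final location.
    target = os.path.realpath(os.path.join(root, folder))
    if target == root:
        raise UnsafeCachePath("refusing to delete the cache root itself")
    if os.path.commonpath([root, target]) != root:
        raise UnsafeCachePath(f"{folder!r} resolves outside the cache root")
    return target

def delete_cache_subdir(cache_root, folder):
    """Delete one cache subdirectory; return True if something was removed."""
    target = resolve_cache_subdir(cache_root, folder)
    if not os.path.isdir(target):
        return False
    shutil.rmtree(target)
    return True

def demo():
    """Exercise the check on a throwaway tree with constructed inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        cache = os.path.join(base, "cache")
        outside = os.path.join(base, "backups")  # must survive every request
        os.makedirs(os.path.join(cache, "images"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(cache, "link"))
        requests = [("plain", "images"), ("dotdot", "../backups"),
                    ("absolute", outside), ("symlink", "link"),
                    ("empty", ""), ("nested", "images/../..")]
        for label, folder in requests:
            try:
                results[label] = delete_cache_subdir(cache, folder)
            except UnsafeCachePath:
                results[label] = "rejected"
        results["outside_intact"] = os.path.isdir(outside)
    return results

if __name__ == "__main__":
    print(demo())
```

The check and the delete are separate steps, so this sketch assumes untrusted users cannot create symlinks inside the cache directory between them.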
Related CVEs
Same CWE
- CVE-2026-24717 — A path traversal vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-62851 — A path traversal vulnerability has been reported to affect License Center
- CVE-2026-46491 — SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module (8.6 HIGH)
- CVE-2026-44716 — Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents (7.5 HIGH)
- CVE-2026-34657 — CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restr... (5.5 MEDIUM)