CVE-2026-35033
CVE-2026-35033 is a critical-severity vulnerability in Jellyfin with a CVSS 3.x base score of 9.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-88.
Key facts
- Severity: Critical (CVSS 3.x base score 9.1)
- CVSS v4: 9.3
- EPSS exploit prediction: 0% (24th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-22768
- Weakness: CWE-88
- Affected product: Jellyfin
- Published:
- Last modified:
Description
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
Frequently asked questions
- What is CVE-2026-35033?
- Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
- How severe is CVE-2026-35033?
- CVE-2026-35033 has a CVSS 3.x base score of 9.1, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability none.
- Is CVE-2026-35033 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (24th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-35033?
- CVE-2026-35033 affects Jellyfin. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-35033?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2026-35033 have an EU (EUVD) identifier?
- Yes. CVE-2026-35033 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-22768.
- When was CVE-2026-35033 published?
- CVE-2026-35033 was published on 2026-04-14 and last updated on 2026-06-17.
References
- https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7
- https://github.com/jellyfin/jellyfin/security/advisories/GHSA-jh22-fw8w-2v9x
Affected products (1)
- cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*
More vulnerabilities in Jellyfin
- CVE-2026-31852 — Critical (CVSS 10.0): Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is…
- CVE-2026-35031 — Critical (CVSS 9.9): Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the…
- CVE-2023-30627 — Critical (CVSS 9.0): jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to…
- CVE-2025-31499 — High (CVSS 8.8): Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in…
- CVE-2023-30626 — High (CVSS 8.8): Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory…
- CVE-2022-35909 — High (CVSS 8.8): In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.
Other CWE-88 (Argument Injection) vulnerabilities
- CVE-2026-57572 — Critical (CVSS 10.0): Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted…
- CVE-2026-40281 — Critical (CVSS 10.0): Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint…
- CVE-2023-6269 — Critical (CVSS 10.0): An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify…
- CVE-2007-0882 — Critical (CVSS 10.0): Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11)…
- CVE-2004-0480 — Critical (CVSS 10.0): Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via…
- CVE-1999-0113 — Critical (CVSS 10.0): Some implementations of rlogin allow root access if given a -froot parameter.