CVE-2026-31799 | Tautulli up to 2.16.x Admin API Key v2?cmd=get_home_stats section_id/user_id sql injection (GHSA-g47q-8j8w-m63q)

A vulnerability, which was classified as critical, has been found in Tautulli up to 2.16.x. This affects an unknown part of the file /api/v2?cmd=get_home_stats of the component Admin API Key Handler. The manipulation of the argument section_id/user_id leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-31799. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More