CVE-2026-31804 | Tautulli up to 2.16.x Endpoint /pms_image_proxy img server-side request forgery (GHSA-qj2f-4c4p-wv97)

A vulnerability has been found in Tautulli up to 2.16.x and classified as critical. This issue affects some unknown processing of the file /pms_image_proxy of the component Endpoint. This manipulation of the argument img causes server-side request forgery.

The identification of this vulnerability is CVE-2026-31804. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More