CVE-2026-35032 | Jellyfin up to 10.11.6 /LiveTv/TunerHosts server-side request forgery (GHSA-8fw7-f233-ffr8)

A vulnerability, which was classified as critical, was found in Jellyfin up to 10.11.6. The affected element is an unknown function of the file /LiveTv/TunerHosts. The manipulation results in server-side request forgery.

This vulnerability is known as CVE-2026-35032. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More