CVE-2026-40348 | leepeuker movary up to 0.71.0 Endpoint server-url-verify server-side request forgery (GHSA-2m2v-v563-qqvj)

A vulnerability categorized as critical has been discovered in leepeuker movary up to 0.71.0. This affects an unknown part of the file /settings/jellyfin/server-url-verify of the component Endpoint. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-40348. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More