CVE-2026-40605

N/A Unknown

Published: June 04, 2026 Modified: June 04, 2026

Description

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and service disruption. Version 2.17.1 fixes the issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/Tautulli/Tautulli/releases/tag/v2.17.1

Source: security-advisories@github.com

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-fg46-xx7h-mhwr

Source: security-advisories@github.com

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-fg46-xx7h-mhwr

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.3%

22th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22 CWE-73

Related CVEs

CVE-2026-48777 N/A

CVE-2026-47750 7.8

CVE-2026-47747 7.8

CVE-2026-46448 5.4

CVE-2026-22313 9.1