External risk intelligence

Jellyfin media server allows attackers to read any file from your server.

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-35033

Jellyfin, a media server, has a critical flaw allowing anyone to read any file on your server without a password. This issue is now because it's easily exploitable over the internet.

4Halo Surface Signal

Jellyfin

before 10.11.7

External exposure likelihood

Halo Surface Signal score for CVE-2026-35033

Jellyfin is a web-based media server application commonly deployed with public internet exposure to facilitate remote access. The vulnerable component is part of the core streaming service and is reachable via the primary web interface. As an application frequently internet-facing for user convenience, the vulnerable endpoint is exposed to public network traffic in many typical deployments.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Jellyfin media server allows an unauthenticated attacker to read arbitrary files from the server. The issue stems from improper handling of query parameters, which can be manipulated to inject commands into the underlying ffmpeg process. This could lead to the exposure of sensitive system information.

  • Sensitive files can be read.
  • Exploitable over the internet.
  • No login needed.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the Jellyfin media server's streaming endpoint. By manipulating the `StreamOptions` query parameter with a special `ffmpeg` command, the attacker can force the server to read arbitrary files and exfiltrate their content through the video stream. This allows for the disclosure of sensitive server-side information.

  • Unauthenticated network access required.
  • Exploits ffmpeg argument injection.
  • Requires knowledge of item GUIDs.

Live Threat

Current exploitation, exposure, and threat context

Attackers may find this vulnerability appealing due to its unauthenticated and critical nature, allowing for arbitrary file reads. While the vulnerability itself is severe, obtaining the necessary item GUIDs to target specific streams requires prior authenticated access, which could temper its immediate widespread weaponization. However, this could change if methods to enumerate or guess GUIDs emerge.

  • Unauthenticated arbitrary file read.
  • Requires item GUIDs for targeting.
  • Fixed in version 10.11.7.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate patching of Jellyfin to version 10.11.7 to address the unauthenticated arbitrary file read vulnerability. If patching is not immediately feasible, focus on network-level filtering and strict access controls to prevent exploitation of the streaming endpoint.

  • Apply Jellyfin version 10.11.7 or later.
  • Block network traffic to the streaming endpoint.
  • Monitor logs for suspicious requests to /Videos/{itemId}/stream.

Frequently asked questions

What is the vulnerability in Jellyfin media server?

Jellyfin versions prior to 10.11.7 have an unauthenticated arbitrary file read vulnerability. This occurs through ffmpeg argument injection when parsing the StreamOptions query parameter. The ParseStreamOptions method in StreamingHelpers.cs adds query parameters without validation, allowing unsanitized values to be concatenated into the ffmpeg command line.

How can an attacker exploit the Jellyfin vulnerability?

An attacker can exploit this by injecting a drawtext filter with a textfile argument into the ffmpeg command. This allows them to read arbitrary server files, such as /etc/shadow, and exfiltrate their contents as text within the video stream response.

What is the potential impact of this Jellyfin vulnerability?

The impact is critical, allowing unauthenticated attackers to read sensitive server files and exfiltrate them. While exploitation requires obtaining item GUIDs, which normally need authenticated access, this vulnerability could be a significant risk to data confidentiality if methods to obtain GUIDs become available.

How does the Halo Surface Signal assess the risk of CVE-2026-35033?

Halo Surface Signal assesses this CVE as 'Likely' due to Jellyfin being a web-based media server often exposed to the public internet for remote access. The vulnerable component is part of the core streaming service, reachable via the primary web interface, and is exposed to public network traffic in many typical deployments.

What is the recommended fix for the Jellyfin arbitrary file read vulnerability?

The recommended fix is to update Jellyfin to version 10.11.7 or later immediately. If patching is not feasible, network-level filtering and strict access controls to prevent exploitation of the streaming endpoint should be implemented. Monitoring logs for suspicious requests to the /Videos/{itemId}/stream endpoint is also advised.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified