CVE-2026-27792

Name: CVE-2026-27792
Creator: NVD / NIST
Published: 2026-02-27T20:21:39.403+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.4/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2026-27792 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

0.21%

11.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Seerr	Seerr	>= 2.7.0, < 3.1.0

References

https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1Patch
https://github.com/seerr-team/seerr/releases/tag/v3.1.0Product, Release Notes
https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65fVendor Advisory

Timeline

Published: Feb 27, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-27792?

How severe is CVE-2026-27792?

CVE-2026-27792 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2026-27792?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-27792?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST