CVE-2026-10107
MoviePilot v2 Server-Side Request Forgery via Image Proxy Endpoint
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jellyfin | jellyfin | * |
| emby | emby | * |
| plex | plex | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers to bypass internal network protections and exfiltrate data from internal services such as Jellyfin, Emby, or Plex by exploiting a Server-Side Request Forgery (SSRF) flaw. This unauthorized access and data exfiltration could lead to exposure of sensitive or personal data stored within these internal services.
Such unauthorized data access and exfiltration may result in non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over personal and sensitive data to prevent unauthorized disclosure.
Therefore, organizations using affected versions of MoviePilot v2 could face compliance risks if this vulnerability is exploited, as it undermines the confidentiality and integrity of protected data.
Can you explain this vulnerability to me?
CVE-2026-10107 is a Server-Side Request Forgery (SSRF) vulnerability in MoviePilot v2's image proxy endpoint. Authenticated attackers who have a `resource_token` cookie can supply a URL whose domain matches an allowlist to make arbitrary HTTP requests. The vulnerability exists because the `SecurityUtils.is_safe_url` function only checks whether the domain is in the allowlist but does not block private, loopback, or link-local IP addresses. This allows attackers to bypass internal network protections and access internal services such as Jellyfin, Emby, or Plex.
The flaw enables attackers to enumerate internal network services and exfiltrate data by exploiting the image proxy endpoint to fetch arbitrary URLs within the internal network. The root cause is insufficient validation of URLs, specifically the lack of IP address checks to block non-public addresses.
How can this vulnerability impact me?
This vulnerability can have significant impacts if exploited. An attacker with valid authentication can access internal network services that are normally protected, such as media servers (Jellyfin, Emby, Plex). In particular, an attacker could:
- Access internal media server APIs and exfiltrate sensitive data like user lists and library metadata.
- Enumerate and reach other internal services on the same subnet if ports are open.
- Exfiltrate data by encoding it within image metadata fetched through the proxy.
Overall, this can lead to unauthorized disclosure of sensitive internal information and compromise of internal network resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or unauthorized HTTP requests to the `/api/v1/system/img/{proxy}` endpoint of MoviePilot v2, especially those made by authenticated users with a `resource_token` cookie. Since the vulnerability allows SSRF to internal services, detection involves checking for requests that target internal IP ranges (such as 192.168.x.x, 10.x.x.x, 172.16.x.x) or internal media server APIs like Jellyfin, Emby, or Plex.
Network or system administrators can use network monitoring tools or web server logs to identify suspicious requests to the image proxy endpoint that include URLs resolving to private, loopback, or link-local IP addresses.
Suggested commands to detect potential exploitation attempts include:
- Using grep to find requests to the vulnerable endpoint in web server logs: `grep "/api/v1/system/img/" /var/log/nginx/access.log`
- Filtering those requests for internal IP addresses or hostnames in the request URL (field `$7` of the nginx combined log format; matching the whole line would also hit the client-address column, which on a LAN is itself usually a private address): `grep "/api/v1/system/img/" /var/log/nginx/access.log | awk '$7 ~ /(192\.168\.|(^|[^0-9.])10\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|localhost|127\.0\.0\.1)/'`. A percent-encoded target URL can hide these substrings, so decode the parameter before matching where possible.
- Using network monitoring tools like tcpdump or Wireshark to capture HTTP traffic targeting internal IP ranges from the MoviePilot server.
- Checking for presence of the resource_token cookie in requests to the image proxy endpoint to identify authenticated exploitation attempts.
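The same checks as a small scanner over nginx combined-format log lines, added here as an example (not from the page or the project). The log lines are constructed, and the `imgurl` query parameter name and the `/img/1` path segment are assumptions about how the target URL reaches the endpoint.

```python
import ipaddress
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
PROXY_PATH = "/api/v1/system/img/"
URL_PARAM = "imgurl"  # assumed name of the query parameter carrying the target

def target_host(path: str) -> Optional[str]:
    """Hostname of the URL handed to the image proxy, or None."""
    parts = urlsplit(path)
    if not parts.path.startswith(PROXY_PATH):
        return None
    target = parse_qs(parts.query).get(URL_PARAM, [None])[0]
    return urlsplit(target).hostname if target else None

def is_internal_host(host: str) -> bool:
    """Literal IP that is not globally routable, or the name localhost.
    DNS names are not resolved here, so an allowlisted name that points at
    an internal address needs the resolver-based check, not a log scan."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False

def suspicious_requests(lines: List[str]) -> List[dict]:
    """Proxy requests whose decoded target is an internal address."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        host = target_host(m["path"]) if m else None
        if host and is_internal_host(host):
            hits.append({"client": m["ip"], "time": m["time"],
                         "target": host, "status": m["status"]})
    return hits

# Constructed sample lines; the "/img/1" path segment is a placeholder.
SAMPLE_LOG = [
    '10.1.2.3 - - [29/May/2026:10:00:01 +0000] "GET /api/v1/system/img/1?imgurl=https%3A%2F%2Fimg.example.com%2Fposter.jpg HTTP/1.1" 200 5120',
    '10.1.2.3 - - [29/May/2026:10:00:07 +0000] "GET /api/v1/system/img/1?imgurl=http%3A%2F%2F192.168.1.50%3A8096%2F HTTP/1.1" 200 812',
    '10.1.2.3 - - [29/May/2026:10:00:09 +0000] "GET /api/v1/system/img/1?imgurl=http%3A%2F%2F%5B%3A%3Affff%3A127.0.0.1%5D%3A32400%2F HTTP/1.1" 200 640',
    '10.1.2.9 - - [29/May/2026:10:00:12 +0000] "GET /api/v1/login HTTP/1.1" 200 300',
]
```

Matching the percent-decoded target URL rather than the raw line keeps the client-address column from producing hits and still catches encoded targets such as the IPv4-mapped loopback in the third sample line.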
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable MoviePilot image proxy endpoint to trusted users only and monitoring for suspicious activity as described above.
Applying the official fix is critical. The fix modifies the `SecurityUtils.is_safe_url` function to block private, loopback, and link-local IP addresses by verifying that URLs resolve only to global (public) IP addresses before allowing requests.
If an immediate patch is not possible, consider implementing network-level controls such as firewall rules to block outbound HTTP requests from the MoviePilot server to internal IP ranges.
Additionally, review and limit the domains included in the allowlist to exclude internal IP addresses or hostnames.
Upgrade MoviePilot to a version that includes the fix from commit 0b7854a0af8751160b68c43c46ded48d2bd8a212 or later.
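A hardened check of the kind the fix describes, added here as an example and not taken from MoviePilot's own `SecurityUtils.is_safe_url`: the domain allowlist is matched first, then every address the host resolves to must be global. The `SAMPLE_DNS` table is constructed so the example runs offline; `dns_resolver` is the real resolver a deployment would pass.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline; dns_resolver below
# is what a deployment would use instead.
SAMPLE_DNS = {
    "img.example.com": ["93.184.216.34"],
    "cdn.example.com": ["93.184.216.34", "2606:2800:220:1:248:1893:25c8:1946"],
    "media.example.com": ["10.0.0.5"],  # allowlisted name, private address
    "mixed.example.com": ["1.1.1.1", "192.168.1.1"],
}

def sample_resolver(host: str) -> List[str]:
    return SAMPLE_DNS.get(host, [])

def dns_resolver(host: str) -> List[str]:
    """Every A/AAAA answer for host, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_global_address(addr: str) -> bool:
    """Public routable unicast only: rejects private, loopback, link-local,
    reserved and multicast ranges, unwrapping IPv4-mapped IPv6 first."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def is_safe_url(url: str, allowlist: Iterable[str],
                resolver: Callable[[str], List[str]] = dns_resolver) -> bool:
    """Allowlisted domain AND every address it resolves to is global."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False
    if not any(host == d or host.endswith("." + d) for d in allowlist):
        return False
    try:  # literal IP in the URL: check it directly
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:  # DNS name: check every answer, not just the first
        addrs = resolver(host)
    return bool(addrs) and all(is_global_address(a) for a in addrs)
```

Requiring every resolved address to be global rejects a name that mixes public and private records, which a check of only the first answer would let through.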