Compliance Impact

The vulnerability allows authenticated attackers to bypass internal network protections and exfiltrate data from internal services such as Jellyfin, Emby, or Plex by exploiting a Server-Side Request Forgery (SSRF) flaw. This unauthorized access and data exfiltration could lead to exposure of sensitive or personal data stored within these internal services.

Such unauthorized data access and exfiltration may result in non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over personal and sensitive data to prevent unauthorized disclosure.

Therefore, organizations using affected versions of MoviePilot v2 could face compliance risks if this vulnerability is exploited, as it undermines the confidentiality and integrity of protected data.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-10107 is a Server-Side Request Forgery (SSRF) vulnerability in MoviePilot v2's image proxy endpoint. Authenticated attackers who have a resource_token cookie can supply a URL whose domain matches an allowlist to make arbitrary HTTP requests. The vulnerability exists because the SecurityUtils.is_safe_url function only checks if the domain is in the allowlist but does not block private, loopback, or link-local IP addresses. This allows attackers to bypass internal network protections and access internal services such as Jellyfin, Emby, or Plex.

The flaw enables attackers to enumerate internal network services and exfiltrate data by exploiting the image proxy endpoint to fetch arbitrary URLs within the internal network. The root cause is insufficient validation of URLs, specifically the lack of IP address checks to block non-public addresses.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have significant impacts if exploited. An attacker with valid authentication can access internal network services that are normally protected, such as media servers (Jellyfin, Emby, Plex).

• Access internal media server APIs and exfiltrate sensitive data like user lists and library metadata.
• Enumerate and reach other internal services on the same subnet if ports are open.
• Exfiltrate data by encoding it within image metadata fetched through the proxy.

Overall, this can lead to unauthorized disclosure of sensitive internal information and compromise of internal network resources.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized HTTP requests to the /api/v1/system/img/{proxy} endpoint of MoviePilot v2, especially those made by authenticated users with a resource_token cookie. Since the vulnerability allows SSRF to internal services, detection involves checking for requests that target internal IP ranges (such as 192.168.x.x, 10.x.x.x, 172.16.x.x) or internal media server APIs like Jellyfin, Emby, or Plex.

Network or system administrators can use network monitoring tools or web server logs to identify suspicious requests to the image proxy endpoint that include URLs resolving to private, loopback, or link-local IP addresses.

Suggested commands to detect potential exploitation attempts include:

• Using grep to find requests to the vulnerable endpoint in web server logs: grep "/api/v1/system/img/" /var/log/nginx/access.log
• Filtering requests that include internal IP addresses or hostnames in the URL parameter: grep -E "(192\.168\.|10\.|172\.16\.|localhost|127\.0\.0\.1)" /var/log/nginx/access.log
• Using network monitoring tools like tcpdump or Wireshark to capture HTTP traffic targeting internal IP ranges from the MoviePilot server.
• Checking for presence of the resource_token cookie in requests to the image proxy endpoint to identify authenticated exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable MoviePilot image proxy endpoint to trusted users only and monitoring for suspicious activity as described above.

Applying the official fix is critical. The fix modifies the SecurityUtils.is_safe_url function to block private, loopback, and link-local IP addresses by verifying that URLs resolve only to global (public) IP addresses before allowing requests.

If an immediate patch is not possible, consider implementing network-level controls such as firewall rules to block outbound HTTP requests from the MoviePilot server to internal IP ranges.

Additionally, review and limit the domains included in the allowlist to exclude internal IP addresses or hostnames.

Upgrade MoviePilot to a version that includes the fix from commit 0b7854a0af8751160b68c43c46ded48d2bd8a212 or later.

Useful 0 Not Useful 0