CVE-2026-31978
Status: Received - Intake
Path Traversal in motionEye Video Surveillance Software

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, such as /picture/{id}/preview/(unknown). Neither the API handlers nor the mediafiles.py functions such as get_media_preview() check for .. sequences in the filename parameter; only get_media_content() does. This allows an authenticated user with normal (non-admin) privileges to read arbitrary files from the filesystem as the motionEye process user, such as /etc/passwd, /etc/shadow, motionEye config files containing password hashes and plaintext passwords, SSH keys, and other cameras' surveillance footage. This issue has been fixed in version 0.44.0.
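As an added illustration (not motionEye's own code), the unvalidated join the description refers to is shown beside a containment check that resolves the requested path and rejects anything outside the camera's media directory; MEDIA_ROOT and the sample filenames are constructed for the example.

```python
import os

# Constructed media directory for this example (not motionEye's real layout).
MEDIA_ROOT = "/var/lib/motioneye/Camera1"


def naive_media_path(filename):
    """The pattern the advisory describes: the filename parameter is joined
    onto the media directory without any traversal check, so '..' segments
    (or an absolute path, which os.path.join silently honours) escape it."""
    return os.path.normpath(os.path.join(MEDIA_ROOT, filename))


def safe_media_path(filename):
    """Resolve the requested file and require the result to stay inside
    MEDIA_ROOT.  Returns the absolute path, or None when it would escape.

    Checking the resolved path rather than scanning for '..' substrings
    catches absolute filenames and symlinks too, and still accepts legitimate
    names such as 'clip..final.mp4'.  One shared helper like this should
    guard every media handler (preview and content alike) so none is left
    unchecked, which is exactly the gap the advisory describes."""
    root = os.path.realpath(MEDIA_ROOT)
    candidate = os.path.realpath(os.path.join(root, filename))
    # commonpath avoids the prefix pitfall: '/var/lib/motioneye/Camera10'
    # starts with the root string but is a different directory.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: two traversal attempts and two legitimate names.
    for name in ("../../../../etc/passwd", "/etc/passwd",
                 "2026-06-24/12-00-00.jpg", "clip..final.mp4"):
        print(f"{name!r:28} naive -> {naive_media_path(name)}")
        print(f"{'':28} safe  -> {safe_media_path(name)}")
```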
Meta Information
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: motioneye
Product: motioneye
Version / Range: up to 0.44.0 (excluding)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Quick Actions
Compliance Impact

The vulnerability allows an authenticated user with normal privileges to read arbitrary files from the filesystem, including sensitive files such as /etc/passwd, /etc/shadow, configuration files containing password hashes and plaintext passwords, SSH keys, and surveillance footage from other cameras.

Access to such sensitive information could lead to unauthorized disclosure of personal data and credentials, which may violate data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information.

Therefore, this vulnerability could negatively impact compliance with these standards by exposing confidential data to unauthorized users.

Executive Summary

The vulnerability in motionEye (mEye) versions prior to 0.44.0 is a path traversal issue in the picture and movie API endpoints, such as /picture/{id}/preview/(unknown).

Specifically, the API handlers and certain functions like get_media_preview() do not properly check for '..' sequences in the filename parameter, allowing an authenticated user with normal (non-admin) privileges to read arbitrary files on the filesystem.

This means an attacker can access sensitive files such as /etc/passwd, /etc/shadow, motionEye configuration files containing password hashes and plaintext passwords, SSH keys, and other users' surveillance footage.

The issue was fixed in version 0.44.0.

Impact Analysis

This vulnerability allows an authenticated user with normal privileges to read arbitrary files on the system where motionEye is running.

  • Exposure of sensitive system files like /etc/passwd and /etc/shadow.
  • Access to motionEye configuration files that may contain password hashes and plaintext passwords.
  • Potential compromise of SSH keys.
  • Unauthorized access to other cameras' surveillance footage.

Overall, this can lead to information disclosure and potential further compromise of the system.

Mitigation Strategies

To mitigate this vulnerability, upgrade motionEye to version 0.44.0 or later, where the path traversal issue has been fixed.
