CVE-2026-27792

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.

Vulnerability Details

Published Date

February 27, 2026

Last Modified

February 27, 2026

CWE ID

CWE-862

Source

NVD

Vendor

seerr-team

Product

seerr

External References

https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1
https://github.com/seerr-team/seerr/releases/tag/v3.1.0
https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f

CVE-2026-27792

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment