CVE-2026-40605

Vulnerability Description

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and service disruption. Version 2.17.1 fixes the issue.

Vulnerability Details

Published Date

June 04, 2026

Last Modified

June 04, 2026

CWE ID

CWE-22

Source

NVD

Vendor

Tautulli

Product

Tautulli

External References

https://github.com/Tautulli/Tautulli/releases/tag/v2.17.1
https://github.com/Tautulli/Tautulli/security/advisories/GHSA-fg46-xx7h-mhwr

CVE-2026-40605

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment