Description

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.

INFO

Published Date :

2026-02-27T19:33:18.469Z

Last Modified :

2026-02-27T20:19:07.348Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27792 vulnerability.

Vendors Products
Seerr
  • Seerr
Seerr-team
  • Seerr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27792.

URL Resource
https://github.com/seerr-team/seerr/commit/946bdecec524b4e7f8aaf8f2b3856f319a3580c1 cve-icon cve-icon
https://github.com/seerr-team/seerr/releases/tag/v3.1.0 cve-icon cve-icon
https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact