What is the CVSS score of CVE-2026-27707?

CVE-2026-27707 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of Seerr are affected by CVE-2026-27707?

A high-severity vulnerability (CVE-2026-27707) has been discovered in Seerr, an open-source media management application used with Jellyfin, Plex, or Emby platforms.. A patch is available.

Is there a public PoC exploit available for CVE-2026-27707?

Yes, a public proof-of-concept exploit is available for CVE-2026-27707. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-27707?

Within 24 hours: Identify all systems running Seerr and verify current version numbers against the affected release. Within 7 days: Apply the available vendor patch to all Seerr instances and validate successful deployment. Within 30 days: Conduct a security audit of patched systems and review access logs for signs of exploitation.

Seerr CVE-2026-27707

HIGH

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2026-02-27 security-advisories@github.com

Information Disclosure Seerr

7.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.3 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 04, 2026 - 16:54 vuln.today

Public exploit code

Patch released

Mar 04, 2026 - 16:54 nvd

Patch available

CVE Published

Feb 27, 2026 - 20:21 nvd

HIGH 7.3

DescriptionGitHub Advisory

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configured instance by authenticating with an attacker-controlled Jellyfin server. The attacker receives an authenticated session and can immediately use the application with default permissions, including the ability to submit media requests to Radarr/Sonarr. Any Seerr deployment where all three of the following are true may be vulnerable: settings.main.mediaServerType is set to PLEX (the most common deployment).; settings.jellyfin.ip is set to "" (default, meaning Jellyfin was never configured); and settings.main.newPlexLogin is set to true (default). Jellyfin-configured and Emby-configured deployments are not affected. Version 3.1.0 of Seerr fixes this issue.

AnalysisAI

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. [CVSS 7.3 HIGH]

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send POST request to /api/v1/auth/jellyfin

Delivery

Authenticate with attacker-controlled Jellyfin server

Exploit

Bypass authentication guard logic

Execution

Impact

Obtain authenticated session with default permissions