Is Python affected by CVE-2026-31831?

Tautulli versions prior to 2.17.0 contain an unauthenticated path traversal vulnerability in the newsletter image API that allows attackers to read arbitrary files from affected servers without authentication.

CVE-2026-31831

EUVD-2026-17192 HIGH

2026-03-30 GitHub_M

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 30, 2026 - 19:45 vuln.today

EUVD ID Assigned

Mar 30, 2026 - 19:45 euvd

EUVD-2026-17192

CVE Published

Mar 30, 2026 - 19:42 nvd

HIGH 8.7

Description

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.

Analysis

Path traversal in Tautulli's /newsletter/image/images API endpoint allows unauthenticated remote attackers to read arbitrary files from the server filesystem. Tautulli, a Python-based monitoring tool for Plex Media Server, is affected in all versions prior to 2.17.0. …

Remediation

Within 24 hours: Identify all Tautulli instances in your environment and document current versions. Within 7 days: Upgrade all Tautulli installations to version 2.17.0 or later immediately, as no vendor patch is available for earlier versions and the unauthenticated nature of this vulnerability makes it trivial to exploit. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2026-31831 vulnerability details – vuln.today

Back

CVE-2026-31831

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-31831

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code