Is Python affected by CVE-2026-32275?

Tautulli versions 1.3.10 through 2.16.x contain a stored/reflected XSS vulnerability in JSONP callback parameters that could allow attackers to steal API keys from authenticated administrators through social engineering.

CVE-2026-32275

EUVD-2026-17208 HIGH

2026-03-30 [email protected]

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 30, 2026 - 20:22 vuln.today

EUVD ID Assigned

Mar 30, 2026 - 20:22 euvd

EUVD-2026-17208

CVE Published

Mar 30, 2026 - 20:16 nvd

HIGH 7.4

Description

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.

Analysis

Cross-site scripting (XSS) in Tautulli 1.3.10 through 2.16.x allows remote attackers to inject malicious scripts via unsanitized JSONP callback parameters, enabling API key theft from authenticated users who click crafted links. The vulnerability requires social engineering (UI:A in CVSS) and affects the Plex monitoring tool's web interface. …

Remediation

Within 24 hours: Inventory all Tautulli deployments and identify instances running versions 1.3.10-2.16.x; communicate risk to administrators. Within 7 days: Upgrade to the latest patched version (2.17.0 or later per GitHub advisory); apply Content Security Policy headers to restrict script execution on the Tautulli web interface. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +37

POC: 0

CVE-2026-32275 vulnerability details – vuln.today

Back

CVE-2026-32275

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-32275

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code