CVE-2026-32275 in Tautulliinfo

Summary

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.

Responsible

GitHub_M

Reservation

03/11/2026

Disclosure

03/30/2026

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
354261Tautulli JSONP Call cross site scripting79Not definedOfficial fixCVE-2026-32275

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!