HIGH 7.7

CVE-2026-10107: MoviePilot v2 SSRF in Image Proxy Allows Internal Network Access

MoviePilot v2 has a security flaw in its image proxy feature that lets authenticated users access internal network resources they shouldn't be able to reach. An attacker with valid login credentials can trick the proxy into fetching files or services from private networks—like personal media servers—by crafting requests with specific cookies and domain names. The vulnerability exists because the security check only verifies that a domain name appears to be allowed, but doesn't block access to internal, private, or loopback addresses. This means an attacker could map out internal services or steal data from them.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.7 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weaknesses (CWE)
CWE-918
Affected products
0 configuration(s)
Published / Modified
2026-05-29 / 2026-06-17

NVD description (verbatim)

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protections because the SecurityUtils.is_safe_url function performs only domain-membership checking without blocking private, loopback, or link-local addresses, enabling enumeration of internal services such as Jellyfin, Emby, or Plex and exfiltration of data from internal network resources.

12 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10107 is a server-side request forgery (SSRF) vulnerability in MoviePilot v2's image proxy endpoint. The vulnerability arises from improper validation in the SecurityUtils.is_safe_url function, which performs domain-membership checking against an allowlist but fails to filter private IP ranges (RFC 1918), loopback addresses (127.0.0.1), or link-local addresses. Authenticated attackers who supply a valid resource_token cookie can bypass the domain check by crafting URLs whose domain matches an allowed entry while the underlying IP resolves to an internal resource. This allows enumeration and data exfiltration from internal network services such as Jellyfin, Emby, or Plex. The vulnerability is classified as CWE-918 (Server-Side Request Forgery).

Business impact

This vulnerability exposes organizations running MoviePilot v2 to internal network reconnaissance and data theft. An insider or compromised user account can enumerate and access media servers, databases, or other services on the internal network that are assumed to be protected by network segmentation. Organizations relying on MoviePilot as a gateway or integration point for media management face risk of intellectual property exfiltration, unauthorized access to personal or sensitive media libraries, and potential lateral movement within the network if those internal services have further vulnerabilities.

Affected systems

MoviePilot v2 is affected. The vulnerability requires an authenticated context—an attacker must possess valid credentials and a resource_token cookie—but no special network position or user interaction is needed beyond the initial authentication.

Exploitability

Exploitability is moderate to high for insiders or those with valid credentials. The attack surface is limited to authenticated users, which reduces the immediate threat from the broader internet. However, credential compromise is common, and the low complexity of crafting a malicious request (a specially formatted URL plus cookie) makes exploitation straightforward once access is gained. No user interaction is required. The impact is also broad—the vulnerability allows access to any internal service reachable from the MoviePilot server, making it useful for reconnaissance and data theft.

Remediation

Apply a security patch when available from the MoviePilot development team. In the interim, restrict network access to MoviePilot's image proxy endpoint, limit authenticated user accounts to those with a genuine need, and implement network segmentation to isolate internal services from the MoviePilot server. Monitor outbound requests from MoviePilot to internal IP ranges for signs of abuse. Verify that your allowlist configuration does not inadvertently permit internal domain names to resolve to private addresses.

Patch guidance

Monitor the MoviePilot project for version updates addressing CVE-2026-10107. Patches should include validation logic that explicitly blocks RFC 1918 private IP ranges, loopback addresses, and link-local addresses, even if they are reached through domain-name resolution. When a patch is released, prioritize deployment in environments where MoviePilot is connected to sensitive internal networks. Verify against the vendor advisory that the patch has fixed the domain-to-IP bypass scenario.

Detection guidance

Monitor network traffic from MoviePilot servers for outbound connections to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8) or unusual internal service access. Review web server logs for requests to the image proxy endpoint that contain unusual URL parameters or domain names that resolve to internal addresses. Check authentication logs for access patterns that correlate with internal network scanning. Use DNS query logging to identify when internal domains are queried from MoviePilot, and correlate with proxy requests to that domain.

Why prioritize this

This is a high-severity issue (CVSS 7.7) with broad impact on confidentiality. While it requires prior authentication, authenticated access is often available to multiple users within an organization, and credentials are frequently compromised. The ability to enumerate and access internal services without additional barriers makes it a strong candidate for rapid remediation, especially in networks where MoviePilot is trusted to sit on a boundary between user-facing and internal systems.

Risk score, explained

The CVSS 3.1 score of 7.7 (HIGH) reflects high confidentiality impact (attackers can read data from internal services), unchanged integrity and availability, and a network-accessible attack vector. The score is elevated by the broad scope (the attacker accesses systems beyond the vulnerable component itself), but mitigated by the requirement for prior authentication (PR:L) and low complexity exploitation (AC:L). No user interaction is required. This profile—high-impact, remotely exploitable, but authentication-gated—justifies a HIGH severity rating and should trigger rapid patching in most risk-management frameworks.

Frequently asked questions

Do I need network access to MoviePilot to exploit this, or can it be exploited remotely?

You need valid credentials and a resource_token cookie, but once authenticated, the attack is remote. Authentication may be compromised through phishing, weak passwords, or credential reuse elsewhere, so treating this as a remotely exploitable vulnerability is prudent.

What internal services are most at risk?

Media servers (Jellyfin, Emby, Plex) are explicitly mentioned in the CVE description, but any service reachable from the MoviePilot server is at risk—including databases, internal APIs, configuration systems, or other microservices not intended for external access.

Does the vulnerability allow me to modify data on internal services, or only read it?

The vulnerability enables the attacker to request URLs on behalf of the MoviePilot server; what they can do depends on the internal service. Most media servers allow unauthenticated or default-authenticated reads of library metadata, but modifications depend on whether the internal service requires authentication or permits unsafe operations via GET requests.

Can network segmentation alone protect us until a patch is available?

Segmentation helps significantly—restrict MoviePilot's network access to only the services it legitimately needs. However, if MoviePilot must reach internal services (e.g., a media library) for its function, you cannot fully block SSRF via segmentation alone. Prioritize patching and temporary access controls on MoviePilot itself.

This analysis is based on available CVE information and the provided source data. Specific affected product versions, patch availability, and patch version numbers should be verified directly with the MoviePilot maintainers and project advisories. This page does not provide exploit code or step-by-step attack instructions. Organizations should conduct their own risk assessment and testing in isolated environments before deploying patches or changes to production systems. SEC.co makes no warranty regarding the completeness or accuracy of this information beyond what is stated in the referenced CVE record. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).