CVE-2026-11416

HIGH 8.1

MoviePilot Path Traversal via Cloud Storage Download Handlers

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename normalization or path validation. An attacker who controls a filename returned by a remote cloud storage API can include traversal sequences ../ in the filename to cause downloaded content to be written outside the configured download directory, potentially overwriting arbitrary files including configuration or plugin files reachable by the application process.

CWE	CWE-22
Vendor	jxxghp
Product	moviepilot
Published	Jun 5, 2026
Last Updated	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for jxxghp moviepilot

Be the first to know when new high vulnerabilities affecting jxxghp moviepilot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

jxxghp / MoviePilot

0 < 2.13.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/jxxghp/MoviePilot github.com: https://github.com/jxxghp/MoviePilot/issues/5894 github.com: https://github.com/jxxghp/MoviePilot/commit/a0b3800f6bf4857bf4f889a63d44350eb8380f28

Credits

Yu Sun