๐Ÿ” CVE Alert

CVE-2026-16224

MEDIUM 4.3

jxxghp MoviePilot Application API improper authorization

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the patch is dc2b6910a423b3bfadeffaa303e1ba75cfb33900. Applying a patch is the recommended action to fix this issue.

CWE CWE-285 CWE-266
Vendor jxxghp
Product moviepilot
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for jxxghp moviepilot

Be the first to know when new medium vulnerabilities affecting jxxghp moviepilot are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

jxxghp / MoviePilot
2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.13.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/380046 vuldb.com: https://vuldb.com/vuln/380046/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16224 vuldb.com: https://vuldb.com/submit/858227 github.com: https://github.com/jxxghp/MoviePilot/issues/5916 github.com: https://github.com/jxxghp/MoviePilot/commit/dc2b6910a423b3bfadeffaa303e1ba75cfb33900 github.com: https://github.com/jxxghp/MoviePilot/

Credits

๐Ÿ” geochen (VulDB User)