CVE-2026-35033
Published: 14 April 2026
Summary
CVE-2026-35033 is a critical-severity Argument Injection (CWE-88) vulnerability in Jellyfin, the Jellyfin project's open source media server. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the CVE by requiring timely application of the vendor patch in version 10.11.7 that fixes the improper StreamOptions parsing and ffmpeg injection.
- Requires validation of StreamOptions query parameters to neutralize argument delimiters and prevent ffmpeg command injection leading to arbitrary file reads.
- Enforces least privilege on the Jellyfin process to block access to sensitive files like /etc/shadow even if ffmpeg argument injection succeeds.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated remote exploit of a public-facing Jellyfin media server application (T1190) that directly enables arbitrary local file reads on the server (T1005), as demonstrated by injection into the ffmpeg command to retrieve files like /etc/shadow via the stream response.
NVD Description
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any lowercase query parameter to a dictionary without validation, bypassing the RegularExpression attribute on the level controller parameter, and the unsanitized value is concatenated directly into the ffmpeg command line. By injecting a drawtext filter with a textfile argument, an attacker can read arbitrary server files such as /etc/shadow and exfiltrate their contents as text rendered in the video stream response. The vulnerable /Videos/{itemId}/stream endpoint has no Authorize attribute, making this exploitable without authentication, though item GUIDs are pseudorandom and require an authenticated user to obtain. This issue has been fixed in version 10.11.7.
Deeper analysis
CVE-2026-35033 is an unauthenticated arbitrary file read vulnerability in Jellyfin, an open source self-hosted media server. Versions prior to 10.11.7 are affected due to improper parsing of the StreamOptions query parameter in the ParseStreamOptions method within StreamingHelpers.cs. This method adds lowercase query parameters to a dictionary without validation, bypassing a RegularExpression attribute on the level controller parameter, and concatenates the unsanitized value directly into an ffmpeg command line executed by the /Videos/{itemId}/stream endpoint, which lacks an Authorize attribute.
An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction. Although the endpoint requires a pseudorandom item GUID typically obtained by an authenticated user, the attacker can inject a drawtext filter with a textfile argument into the ffmpeg command to read arbitrary server files, such as /etc/shadow. The contents are then exfiltrated as text rendered in the video stream response. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-88 (Improper Neutralization of Argument Delimiters) and CWE-862 (Missing Authorization).
Jellyfin has addressed this issue in version 10.11.7, as detailed in the release notes and security advisory. Security practitioners should upgrade to 10.11.7 or later and review access to item GUIDs to limit exposure.
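As an added defensive illustration (not Jellyfin's code and not the 10.11.7 fix), the Python below shows the input-validation control described above: a stream option is forwarded only when its lowercased name is allowlisted and its whole value matches a strict pattern, and the ffmpeg command is built as an argv list instead of a concatenated string. The option names, the value patterns and the two helper functions are assumptions for this example.

```python
import re
from typing import Dict, List, Tuple

# Allowlist of stream option names, each with a strict value pattern.
# These names and patterns are assumed for the example; they are not
# Jellyfin's actual option set.
ALLOWED_OPTIONS = {
    "level": re.compile(r"[0-9]{1,2}(\.[0-9])?"),   # e.g. "4.1"
    "profile": re.compile(r"baseline|main|high"),
    "videobitrate": re.compile(r"[0-9]{1,9}"),
}


def parse_stream_options(query: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Split raw query parameters into accepted options and rejected names.

    Names are lowercased, as the vulnerable parser did, but a value is kept
    only if the name is allowlisted AND the entire value matches its pattern
    (fullmatch), so filter-graph syntax such as ':' ',' '=' or a file path
    can never pass through. Rejected names are returned so the caller can
    log them; repeated rejections on one endpoint are a detection signal.
    """
    accepted: Dict[str, str] = {}
    rejected: List[str] = []
    for raw_name, value in query.items():
        name = raw_name.lower()
        pattern = ALLOWED_OPTIONS.get(name)
        if pattern is None or not pattern.fullmatch(value):
            rejected.append(name)
            continue
        accepted[name] = value
    return accepted, rejected


def build_ffmpeg_args(options: Dict[str, str], input_path: str) -> List[str]:
    """Build argv as a list from validated options only.

    Passing a list to subprocess (no shell) keeps each value one argument;
    together with the value patterns above, nothing taken from the request
    can introduce an extra ffmpeg option or filter.
    """
    args = ["ffmpeg", "-i", input_path]
    if "level" in options:
        args += ["-level", options["level"]]
    if "profile" in options:
        args += ["-profile:v", options["profile"]]
    if "videobitrate" in options:
        args += ["-b:v", options["videobitrate"]]
    return args
```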
Details
- CWE(s)