{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28505", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T20:57:47.709Z", "datePublished": "2026-03-30T19:41:54.644Z", "dateUpdated": "2026-03-30T20:13:28.905Z"}, "containers": {"cna": {"title": "Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-95", "lang": "en", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m"}, {"name": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0"}], "affected": [{"vendor": "Tautulli", "product": "Tautulli", "versions": [{"version": "< 2.17.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T19:41:54.644Z"}, "descriptions": [{"lang": "en", "value": "Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the compiled code object. However, co_names only contains names from the outer code object. When a lambda expression is used, it creates a nested code object whose attribute accesses are stored in code.co_consts, NOT in code.co_names. The sandbox never inspects nested code objects. This issue has been patched in version 2.17.0."}], "source": {"advisory": "GHSA-m62j-gwm9-7p8m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T20:13:17.349793Z", "id": "CVE-2026-28505", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:13:28.905Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28505", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T20:13:17.349793Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:13:23.609Z"}}], "cna": {"title": "Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check", "source": {"advisory": "GHSA-m62j-gwm9-7p8m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Tautulli", "product": "Tautulli", "versions": [{"status": "affected", "version": "< 2.17.0"}]}], "references": [{"url": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m", "name": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0", "name": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the compiled code object. However, co_names only contains names from the outer code object. When a lambda expression is used, it creates a nested code object whose attribute accesses are stored in code.co_consts, NOT in code.co_names. The sandbox never inspects nested code objects. This issue has been patched in version 2.17.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T19:41:54.644Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28505", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:13:28.905Z", "dateReserved": "2026-02-27T20:57:47.709Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T19:41:54.644Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the compiled code object. However, co_names only contains names from the outer code object. When a lambda expression is used, it creates a nested code object whose attribute accesses are stored in code.co_consts, NOT in code.co_names. The sandbox never inspects nested code objects. This issue has been patched in version 2.17.0."}, {"lang": "es", "value": "Tautulli es una herramienta de monitoreo y seguimiento basada en Python para Plex Media Servidor. Antes de la versi\u00f3n 2.17.0, la funci\u00f3n str_eval() en notification_handler.py implementa un eval() en sandbox para plantillas de texto de notificaci\u00f3n. El sandbox intenta restringir los nombres invocables inspeccionando code.co_names del objeto de c\u00f3digo compilado. Sin embargo, co_names solo contiene nombres del objeto de c\u00f3digo externo. Cuando se utiliza una expresi\u00f3n lambda, esta crea un objeto de c\u00f3digo anidado cuyos accesos a atributos se almacenan en code.co_consts, NO en code.co_names. El sandbox nunca inspecciona objetos de c\u00f3digo anidados. Este problema ha sido parcheado en la versi\u00f3n 2.17.0."}], "id": "CVE-2026-28505", "lastModified": "2026-04-01T14:24:21.833", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-30T20:16:20.180", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/Tautulli/Tautulli/security/advisories/GHSA-m62j-gwm9-7p8m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-95"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.17.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Tautulli", "source": "cna", "vendor": "Tautulli"}, "product": "tautulli", "vendor": "tautulli"}], "analysis": {"en": {"generated_at": "2026-03-30T20:20:50.586352+00:00", "value": {"mitigation_remediation": ["Upgrade Tautulli to version 2.17.0 or later"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects the Tautulli monitoring tool, all versions prior to 2.17.0. Users running any earlier release are vulnerable.", "description_and_impact": "The vulnerability allows an attacker to execute arbitrary code by exploiting a sandboxed eval function used in notification text templates. A lambda expression creates a nested code object that bypasses the sandbox\u2019s whitelist of callable names, permitting execution of malicious code. This leads to complete compromise of the system\u2019s confidentiality, integrity, and availability.", "risk_and_exploitability": "With a CVSS score of 7.5, the flaw is considered high severity. The absence of an EPSS score means current exploit probability is unclear, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, as any user who can craft or influence notification messages can trigger the malicious lambda. Exploitation requires minimal prerequisites beyond the ability to send a crafted notification, and can lead to full code execution on the host running Tautulli."}}}}, "created": "2026-03-30T20:55:07.161055+00:00", "updated": "2026-03-31T20:40:20.141436+00:00", "vendors": ["tautulli", "tautulli$PRODUCT$tautulli"]}