This security bulletin contains one critical risk vulnerability.
CWE-862 - Missing Authorization
Exploit availability: NoDescription
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can send a specially crafted request to the server and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.Vulnerable software versions
Emby Server: 22.214.171.124 - 126.96.36.199CPE2.3
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?