CVE-2026-35033 Overview
CVE-2026-35033 is a critical command injection vulnerability affecting Jellyfin, the popular open-source self-hosted media server. This vulnerability allows unauthenticated attackers to read arbitrary files from the server through ffmpeg argument injection via the StreamOptions query parameter parsing mechanism.
The flaw exists in how Jellyfin's ParseStreamOptions method in StreamingHelpers.cs processes query parameters. The method adds any lowercase query parameter to a dictionary without validating it, so the RegularExpression attribute that guards the controller's level parameter is bypassed. The unsanitized values are then concatenated directly into the ffmpeg command line, enabling attackers to inject arbitrary arguments.
Critical Impact
Attackers can leverage this vulnerability to read sensitive server files such as /etc/shadow by injecting a drawtext filter with a textfile argument, exfiltrating file contents as text rendered in the video stream response.
Affected Products
- Jellyfin versions prior to 10.11.7
Discovery Timeline
- 2026-04-14 - CVE-2026-35033 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-35033
Vulnerability Analysis
This vulnerability falls under CWE-88 (Improper Neutralization of Argument Delimiters in a Command), commonly known as Argument Injection. The core issue stems from insufficient input validation in the video streaming endpoint's query parameter handling.
The vulnerable /Videos/{itemId}/stream endpoint lacks an Authorize attribute, making it accessible without authentication. While item GUIDs are pseudorandom and typically require an authenticated user to obtain, this still represents a significant security boundary violation when combined with the argument injection flaw.
The attack exploits ffmpeg's flexibility in accepting filter arguments. By crafting malicious query parameters that bypass the intended validation, an attacker can inject arbitrary ffmpeg arguments including the drawtext filter. This filter supports a textfile argument that reads file contents and renders them as text overlay on the video output.
Root Cause
The root cause lies in the ParseStreamOptions method within StreamingHelpers.cs. This method processes incoming query parameters and adds any lowercase parameter to a dictionary without proper validation or sanitization. The existing RegularExpression attribute on the level controller parameter is insufficient as it can be bypassed through the lowercase parameter handling logic.
When these parameters are later used to construct the ffmpeg command line, they are concatenated directly without escaping or validation, allowing attackers to inject arbitrary ffmpeg arguments and filters.
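To make the root cause concrete, here is an added, simplified Python model of the flawed parsing beside a hardened counterpart. It is not Jellyfin's code: parse_stream_options_weak, parse_stream_options_hardened, is_valid_stream_option and the STREAM_OPTION_RULES allowlist are hypothetical names and values chosen for illustration. The weak version copies every lowercase parameter through unchecked; the hardened version normalizes the name first, accepts only known options, and validates the exact value that will reach the dictionary.

```python
import re

# Hypothetical allowlist for this model: lowercase option name -> pattern its
# value must fully match. Patterns admit no whitespace, '-', ',', ':' or '=',
# the characters ffmpeg reads as argument and filter-chain delimiters.
STREAM_OPTION_RULES = {
    "level": re.compile(r"[0-9]+(\.[0-9]+)?"),   # e.g. 4.1
    "videocodec": re.compile(r"[a-z0-9]+"),
    "maxwidth": re.compile(r"[0-9]{1,5}"),
}

def parse_stream_options_weak(query: dict) -> dict:
    """Model of the flawed behaviour described above: every lowercase key is
    copied through verbatim, so the regex guarding the cased controller
    parameter never sees these values."""
    options = {}
    for key, value in query.items():
        if key == key.lower():
            options[key] = value
    return options

def is_valid_stream_option(name: str, value: str) -> bool:
    """True only for an allowlisted option whose value matches its pattern;
    the name is normalized first so letter case cannot dodge the check."""
    rule = STREAM_OPTION_RULES.get(name.lower())
    return rule is not None and rule.fullmatch(value) is not None

def parse_stream_options_hardened(query: dict) -> dict:
    """Hardened model: validate the exact value that will reach the ffmpeg
    command line, and reject the whole request on any unknown or bad option."""
    options = {}
    for key, value in query.items():
        if not is_valid_stream_option(key, value):
            raise ValueError(f"rejected stream option {key}={value!r}")
        options[key.lower()] = value
    return options
```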
Attack Vector
The attack is network-based and requires no authentication to execute. An attacker with knowledge of a valid item GUID can craft a malicious request to the /Videos/{itemId}/stream endpoint with specially crafted query parameters.
The attack flow involves:
- Obtaining a valid media item GUID (which may require prior authenticated access or enumeration)
- Crafting a malicious request with injected ffmpeg arguments in the StreamOptions query parameters
- Injecting a drawtext filter with a textfile parameter pointing to sensitive files like /etc/shadow
- Receiving the video stream response with the file contents rendered as text overlay
For detailed technical information about this vulnerability, refer to the GitHub Security Advisory GHSA-jh22-fw8w-2v9x.
Detection Methods for CVE-2026-35033
Indicators of Compromise
- Unusual requests to /Videos/{itemId}/stream endpoints with non-standard query parameters
- HTTP requests containing ffmpeg filter syntax such as drawtext, textfile, or filter chain operators
- Access attempts to sensitive file paths in stream-related logs (e.g., /etc/shadow, /etc/passwd)
- Anomalous video streaming requests from unauthorized or external IP addresses
Detection Strategies
- Monitor web server access logs for requests to video streaming endpoints with suspicious query strings containing ffmpeg arguments
- Implement Web Application Firewall (WAF) rules to detect and block requests containing ffmpeg filter injection patterns
- Configure intrusion detection systems (IDS) to alert on patterns matching command injection attempts in media streaming requests
- Review Jellyfin application logs for ffmpeg execution errors or unusual file access patterns
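As an added example (not from the page or the Jellyfin project) of the log-monitoring strategy above: a Python checker that parses nginx combined-format access-log lines, decodes the query string of each stream request, and flags values carrying ffmpeg filter syntax or the sensitive paths named above. Decoding matters because a proxy rule on the raw query string misses URL-encoded variants. The two log lines are constructed samples, and find_suspicious_stream_requests and the item GUID are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines in nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [14/Apr/2026:10:01:02 +0000] "GET /Videos/3f2a9c1e-8b4d-4c6a-9d2e-1a2b3c4d5e6f/stream?Static=true&MediaSourceId=abc HTTP/1.1" 200 5120 "-" "Jellyfin Web"
198.51.100.7 - - [14/Apr/2026:10:05:44 +0000] "GET /videos/3f2a9c1e-8b4d-4c6a-9d2e-1a2b3c4d5e6f/stream?level=4.1%20-vf%20drawtext%3Dtextfile%3D%2Fetc%2Fshadow HTTP/1.1" 200 88311 "-" "curl/8.0"
"""

# Fields of the combined format that the checker needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Stream endpoint with a 32-hex or dashed GUID; case-insensitive because
# ASP.NET Core routing (and the lowercase-parameter flaw) ignore case.
STREAM_PATH_RE = re.compile(r"^/videos/[0-9a-f-]{32,36}/stream", re.IGNORECASE)
# Tokens that have no place in a legitimate stream option value: the filter
# names from the advisory, a leading ffmpeg flag, or the sensitive paths.
FFMPEG_TOKENS = re.compile(r"(drawtext|textfile|\s-[a-z]|/etc/(?:shadow|passwd))", re.IGNORECASE)

def find_suspicious_stream_requests(log_text: str) -> list:
    """Return one finding per stream request whose decoded query string
    contains ffmpeg filter syntax or a sensitive file path."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not STREAM_PATH_RE.match(url.path):
            continue
        # parse_qsl percent-decodes keys and values before we inspect them.
        matches = [
            f"{key}={value}"
            for key, value in parse_qsl(url.query, keep_blank_values=True)
            if FFMPEG_TOKENS.search(value) or FFMPEG_TOKENS.search(key)
        ]
        if matches:
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": m.group("status"), "matches": "; ".join(matches)})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_stream_requests(SAMPLE_LOG):
        print(finding)
```

A 200 response on a flagged request, as in the second sample line, is the case to escalate: the server accepted the parameters rather than rejecting them.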
Monitoring Recommendations
- Enable detailed logging for the Jellyfin application and monitor for anomalous streaming requests
- Implement rate limiting on video streaming endpoints to slow potential exploitation attempts
- Deploy network-level monitoring to detect exfiltration of sensitive data through video stream responses
- Set up alerts for failed authentication attempts followed by direct access to streaming endpoints
How to Mitigate CVE-2026-35033
Immediate Actions Required
- Upgrade Jellyfin to version 10.11.7 or later immediately
- If immediate upgrade is not possible, restrict network access to the Jellyfin server to trusted networks only
- Review access logs for evidence of exploitation attempts
- Audit server for signs of sensitive file access or data exfiltration
Patch Information
Jellyfin has addressed this vulnerability in version 10.11.7. The fix properly validates and sanitizes query parameters before they are used in ffmpeg command construction, preventing argument injection attacks.
Users should upgrade to the patched version by following the instructions in the Jellyfin Release v10.11.7 documentation.
Workarounds
- Place Jellyfin behind a reverse proxy that filters suspicious query parameters containing ffmpeg-related syntax
- Implement network-level access controls to restrict access to the Jellyfin server from untrusted networks
- Consider disabling unauthenticated access to streaming endpoints if operationally feasible
- Deploy a WAF with rules specifically designed to block command injection patterns in query strings
# Example nginx configuration to restrict access
# Add to your Jellyfin reverse proxy configuration
# Note: $query_string is matched as received (not URL-decoded), so this is a
# stopgap only; upgrading to 10.11.7 or later is the actual fix.
# The path match is case-insensitive (~*) because ASP.NET Core routing is not
# case-sensitive.
location ~* /Videos/.*/stream {
    # Block requests whose query string carries ffmpeg filter syntax
    if ($query_string ~* "(drawtext|textfile|filter)") {
        return 403;
    }
    proxy_pass http://jellyfin:8096;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.