Vulnerability in Immich-app Immich
CVE-2026-25118
Immich is a high-performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication proc…
EPSS: 0.001 (17.9th percentile)
Affected products
- Immich-app Immich — versions < 2.6.0
Weakness classification (CWE)
References
- https://github.com/immich-app/immich/security/advisories/GHSA-78x4-6x83-jx75 (x_refsource_CONFIRM)
- https://github.com/immich-app/immich/pull/26868 (x_refsource_MISC)
- https://github.com/immich-app/immich/pull/26886 (x_refsource_MISC)
- https://github.com/immich-app/immich/releases/tag/v2.6.0 (x_refsource_MISC)