Immich-app Immich
5 CVEs affecting Immich-app Immich. Latest disclosed: 2026-04-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35455 | High | 7.3 | 2026-04-08 | immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360° panorama viewer al… |
CVE-2026-23896 | High | 7.2 | 2026-01-29 | immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling th… |
CVE-2026-40096 | | 2026-04-14 | immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared albu… | |
CVE-2026-25118 | | 2026-04-03 | immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclo… | |
CVE-2025-43856 | | 2025-07-11 | immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, becau… |