Lizardbyte Sunshine
9 CVEs affecting Lizardbyte Sunshine. Latest disclosed: 2026-05-22. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32253 | Critical | 9.8 | 2026-05-22 | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because o… |
CVE-2025-53095 | Critical | 9.7 | 2025-07-01 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Fo… |
CVE-2024-31220 | High | 7.3 | 2024-04-05 | Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbi… |
CVE-2025-54081 | Medium | 6.7 | 2025-09-23 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted ex… |
CVE-2024-45407 | Medium | 6.5 | 2024-09-10 | Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an… |
CVE-2024-31221 | Medium | 5.9 | 2024-04-08 | Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI int… |
CVE-2025-53096 | Medium | 5.4 | 2025-07-01 | Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks… |
CVE-2024-31226 | Medium | 4.9 | 2024-05-16 | Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when te… |
CVE-2024-51738 | | 2025-01-20 | Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and… |