Plex Media Server
3 CVEs affecting Plex Media Server. Latest disclosed: 2026-01-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-69414 | High | 8.5 | 2026-01-02 | Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token. |
CVE-2025-34158 | High | 8.5 | 2025-08-21 | Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the… |
CVE-2025-69415 | High | 7.1 | 2026-01-02 | In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is curre… |