CVE-2025-69414
HIGH WAF: Low
CVSS 7.1
Published: 2026-01-02
CWE-863
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| plex | media_server | up to 1.42.2.10156 |
References
- github.com (Exploit, Third Party Advisory)