{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31978", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:40:10.487Z", "datePublished": "2026-06-24T20:28:24.286Z", "dateUpdated": "2026-06-24T20:28:24.286Z"}, "containers": {"cna": {"title": "motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3"}, {"name": "https://github.com/motioneye-project/motioneye/releases/tag/0.44.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/motioneye-project/motioneye/releases/tag/0.44.0"}], "affected": [{"vendor": "motioneye-project", "product": "motioneye", "versions": [{"version": "< 0.44.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-24T20:28:24.286Z"}, "descriptions": [{"lang": "en", "value": "motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/{id}/preview/{filename}. Neither the API handlers, nor the mediafiles.py functions such as get_media_preview() check for .. sequences in the filename parameter, except for get_media_content(). This allows an authenticated user with normal (non-admin) privileges to read arbitrary files from the filesystem as the motionEye process user, such as: /etc/passwd, /etc/shadow, motionEye config files containing password hashes and plaintext passwords, SSH keys, and other cameras' surveillance footage. This issue has been fixed in version 0.44.0."}], "source": {"advisory": "GHSA-g9fx-5r4h-pcw3", "discovery": "UNKNOWN"}}}}

{}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.44.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "motioneye", "source": "cna", "vendor": "motioneye-project"}, "product": "motioneye", "vendor": "motioneye_project"}], "created": "2026-06-24T22:45:15.371115+00:00", "updated": "2026-06-25T05:15:03.328014+00:00", "vendors": ["motioneye_project", "motioneye_project$PRODUCT$motioneye"]}