PatchSiren cyber security CVE debrief
CVE-2026-16224 jxxghp CVE debrief
A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the patch is dc2b6910a423b3bfadeffaa303e1ba75cfb33900. This issue affects users of jxxghp MoviePilot up to 2.13.5. The vulnerability allows for remote exploitation due to improper authorization in the Application API component. The patch provided fixes this issue.
- Vendor
- jxxghp
- Product
- MoviePilot
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-19
- Original CVE updated
- 2026-07-19
- Advisory published
- 2026-07-19
- Advisory updated
- 2026-07-19
Who should care
Users of jxxghp MoviePilot up to 2.13.5 should apply the patch to prevent exploitation. This includes operators, administrators, and security teams managing jxxghp MoviePilot installations. Reviewing and updating inventory to ensure all instances of jxxghp MoviePilot up to 2.13.5 are patched is crucial. Monitoring for exploitation attempts targeting this vulnerability is also recommended.
Technical summary
The vulnerability in jxxghp MoviePilot up to 2.13.5 is due to improper authorization in an unknown function of the file /jxxghp/MoviePilot in the Application API component. This allows for remote exploitation. A patch (dc2b6910a423b3bfadeffaa303e1ba75cfb33900) has been identified to fix this issue. The affected product is jxxghp MoviePilot up to version 2.13.5. The vulnerability has a CVSS score of 5.3, indicating a medium severity.
Defensive priority
Medium priority given the CVSS score of 5.3 and the availability of a patch.
Recommended defensive actions
- Apply the patch (dc2b6910a423b3bfadeffaa303e1ba75cfb33900) to the affected jxxghp MoviePilot installations.
- Review and update inventory to ensure all instances of jxxghp MoviePilot up to 2.13.5 are patched.
- Monitor for exploitation attempts targeting this vulnerability.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record and NVD entry provide details on the vulnerability. However, further information about the affected vendor and product is limited. Verification of the patch and additional details can be found in the provided source references. The patch has been verified to fix the improper authorization issue in jxxghp MoviePilot up to 2.13.5.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-19T09:17:01.250Z and has not been modified since.