PatchSiren

immich-app CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL | immich-app | CVE published 2026-06-23

CVE-2026-53662

CVE-2026-53662 is a critical vulnerability in Immich, a self-hosted photo and video management solution. A reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The vulnerability exists from commit 4ffa26c9 until 4eb1003. The continue query parameter is read from the URL and passed to Sve [truncated]