
Motioneye Project Motioneye vulnerabilities

9 known vulnerabilities affecting motioneye_project/motioneye.

Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 2

Vulnerabilities

CVE-2025-60787 | P2 | HIGH | CVSS 7.2 | PoC | v0.42.1 | v0.43.1 | 2025-10-03
CVE-2025-60787 [HIGH] CWE-20: MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Sources: ghsa, nvd, osv

CVE-2022-25568 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 0.42.1 | 2022-03-24
CVE-2022-25568 [HIGH] CWE-1188: MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Sources: ghsa, nvd, osv

CVE-2026-55488 | P3 | HIGH | ≥ 0, < 0.44.0 | 2026-06-23
CVE-2026-55488 [HIGH] CWE-22: motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read. Summary: mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using `os.path.join()`. When an
Sources: ghsa

CVE-2025-47782 | P3 | HIGH | ≥ 0.43.1b1, < 0.43.1b4 | 2025-05-15
CVE-2025-47782 [HIGH] CWE-78: motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution. Summary: Using a constructed (camera) device path with the `config/add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, `motion` by default. #### functio
Sources: ghsa, osv

CVE-2021-44255 | P3 | HIGH | CVSS 7.2 | fixed in 0.42.1 | 2022-01-31
CVE-2021-44255 [HIGH] CWE-306: Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will execute arbitrary code on the server.
Sources: ghsa, nvd, osv

CVE-2026-31978 | P3 | MEDIUM | ≥ 0, < 0.44.0 | 2026-06-22
CVE-2026-31978 [MEDIUM] CWE-22: motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint. Summary: motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the filename
Sources: ghsa

CVE-2026-32315 | P3 | HIGH | CVSS 7.2 | ≥ 0, < 0.44.0 | 2026-06-22
CVE-2026-32315 [HIGH] CWE-732: motionEye's World-Readable Configuration File Exposes Admin Password Hash. Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye. Summary: motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local user on the system. This file contains sensit
Sources: ghsa

CVE-2026-55863 | MEDIUM | ≥ 0, < 0.44.0 | 2026-06-23
CVE-2026-55863 [MEDIUM] CWE-862: motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution. Summary: The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.).
Sources: ghsa

CVE-2026-46488 | CRITICAL | ≥ 0, < 0.44.0 | 2026-06-22
CVE-2026-46488 [CRITICAL] CWE-256: motionEye: Authentication possible via password hash. Summary: An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate
Sources: ghsa