Hello Plex staff and community,
I came across a heise.de article ("Plex Media Server: Noch ungepatchte Zugriffsschwachstellen", heise online) that says several access/authentication vulnerabilities in Plex Media Server remain unpatched. I’m running a production instance and am concerned about potential token theft or persistent unauthorized access.
Could someone from Plex confirm the following:
Will the next scheduled Plex update include fixes for these vulnerabilities?
If not, is there an estimated timeline for a vendor patch?
Which specific Plex versions are affected (if you can confirm)?
What immediate mitigations do you recommend for administrators until an official patch is released? (For example: disabling remote access, restricting IPs, rotating tokens/passwords, or other settings.)
I appreciate any official statement or link to a security advisory or release notes. Thank you for your help.
Best regards