A vulnerability classified as critical was found in Tautulli up to 2.17.0 . Affected by this vulnerability is an unknown functionality of the component Endpoint . Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2026-43986 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.