A vulnerability classified as problematic has been found in Jellyfin up to 10.11.8 . This vulnerability affects unknown code of the component Access Tab . This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-49220 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.