A vulnerability categorized as problematic has been discovered in immich-app immich up to 2.5.x . The affected element is an unknown function of the file /api/shared-links/me of the component URL Query Parameter Handler . Executing a manipulation can lead to use of get request method with sensitive query strings. The identification of this vulnerability is CVE-2026-25118 . The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.