CVE-2020-5741: Plex Media Server Remote Code Execution Vulnerability

CVE ID

CVE-2020-5741

Vulnerability Name

Plex Media Server Remote Code Execution Vulnerability

• Project: Plex
• Product: Media Server

Date

• Date Added: 2023-03-10
• Due Date: 2023-03-31

Description

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741

Related Security News

• 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
• Plex warns users to patch security vulnerability immediately

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List