motioneye
PyPI8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting motioneyepage 1 of 1
- CVE-2021-44255HIGHCVSS 7.2EG 7.22022-01-31
vulnerable: 0.27 ... 0.42.1 (56 versions)
Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the serve…
- CVE-2022-25568HIGHCVSS 7.5EG 9.0✓ Fixed in 0.43.1b12022-03-24
vulnerable: 0.27 ... 0.42.1 (56 versions)
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
- CVE-2025-47782HIGHCVSS 8.9EG 8.9✓ Fixed in 0.43.1b42025-05-14
vulnerable: 0.43.1b1, 0.43.1b2, 0.43.1b3
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API all…
- CVE-2025-60787HIGHCVSS 7.2EG 7.2✓ Fixed in 0.43.1b52025-10-03
vulnerable: 0.27 ... 0.43.1b4 (60 versions)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin a…
- CVE-2026-31978MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.44.02026-06-22
vulnerable: 0.27 ... 0.44.0b3 (65 versions)
motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/{i…
- CVE-2026-32315MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.44.02026-06-22
vulnerable: 0.27 ... 0.44.0b3 (65 versions)
motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it…
- CVE-2026-46488CRITICALCVSS 0.0EG 0.0✓ Fixed in 0.44.02026-06-22
vulnerable: 0.27 ... 0.44.0b3 (65 versions)
motionEye: Authentication possible via password hash ### Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username a…
- CVE-2026-55488HIGHCVSS 7.7EG 7.7✓ Fixed in 0.44.02026-06-23
vulnerable: 0.27 ... 0.44.0b3 (65 versions)
motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file …
Check whether motioneye is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for motioneye CVEs against the assets you own.
Start Free Scan →