CVE-2020-5741 — Plex Media Server

Plex Media Server Remote Code Execution Vulnerability

Added to KEV

2023-03-10

Federal due date

2023-03-31

Vendor

Plex

Product

Media Server

EPSS

97.1th percentile (score 0.352, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2020-5741

CISA short description

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.