If you run Plex Media Server, it’s time to drop everything and update. The company has quietly patched a security issue that affects recent versions of its software, and users are being told to upgrade as soon as possible.
According to an email Plex sent to affected customers, versions 1.41.7.x through 1.42.0.x are vulnerable. The newly released build, 1.42.1.10060 or later, contains the fix. Plex says the flaw was found through its bug bounty program, but sadly, it has not publicly shared details about how severe the issue is or whether it could be exploited remotely.
Plex isn’t saying whether this vulnerability could be used to run code on a server or gain unauthorized access, but its urgency in contacting users directly suggests it’s not something to ignore. If your Plex instance is exposed to the internet for remote streaming, the risk could be even greater.
Updating is straightforward: you can do it through the server’s management page or by downloading the installer from Plex’s official site. If you self-host, it’s also a good moment to review your setup, disable outside access if you don’t need it, and check your logs for anything suspicious.
Plex has had its share of security incidents in the past, including a 2022 breach that forced a password reset for all users. While there’s no evidence this latest issue has been exploited in the wild, the best move is to patch now and ask questions later.
The update is available today, and if you haven’t installed it yet, you should make it your next click.
