CVE-2020-5741

HIGH KEV

Plex Media Server < 1.19.3 - Authenticated Remote Code Execution via Unpickle Deserialization

Title source: llm

Exploitation Summary

CVE-2020-5741 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 10, 2023. EIP tracks 1 public exploit from researchers including h00die, Chris Lyne, including a Metasploit module exploits/windows/http/plex_unpickle_dict_rce.

AI-analyzed exploit summary This Metasploit module exploits an authenticated Python unsafe pickle.load vulnerability in Plex Media Server (CVE-2020-5741). It creates a photo library, uploads a malicious pickle file, and manipulates the LocalAppDataPath to trigger RCE as the Plex user.

Description

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Exploits (1)

metasploit WORKING POC NORMAL

by h00die, Chris Lyne · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/plex_unpickle_dict_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated Python unsafe pickle.load vulnerability in Plex Media Server (CVE-2020-5741). It creates a photo library, uploads a malicious pickle file, and manipulates the LocalAppDataPath to trigger RCE as the Plex user.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Plex Media Server (versions affected by CVE-2020-5741)

Auth required

Prerequisites: Valid Plex admin token · Network access to Plex Media Server · Write access to a directory on the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.tenable.com/security/research/tra-2020-32

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5741

Scores

CVSS v3 7.2

EPSS 0.7294

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-03-10

VulnCheck KEV 2023-02-27

InTheWild.io 2023-03-10

ENISA EUVD EUVD-2020-26900

CWE

CWE-502

Status published

Products (1)

plex/media_server < 1.19.3

Published May 08, 2020

KEV Added Mar 10, 2023

Tracked Since Feb 18, 2026