Jellyfin accessible without authentication #7040

New Issue

Closed

opened 2026-02-07 04:26:20 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-07 04:26:20 +03:00

Owner

Copy Link

Originally created by @mrwrenchy on GitHub (May 26, 2025).

Description of the bug

I have a jellyfin server running on my local network, and it is for some reason visible on windows file manager, but that only was not the problem
there seems to be some security issue? or something maybe is wrong on my side and I need to fix something, but I can just click on the jellyfin webserver and its accessible without any authentication.

Reproduction steps

I do not know how this is possible, I had also recently formatted this windows PC, so it should not have authenticated in any way to the server.

What is the current bug behavior?

The server can be accessed and files can be transferred without any authentication.

What is the expected correct behavior?

It should either ask me for authentication, or it shouldn't be visible at all.

Jellyfin Server version

10.10.0+

Specify commit id

No response

Specify unstable release number

No response

Specify version number

No response

Specify the build version

10.10.7

Environment

- OS: debian 12
- Linux Kernel: 6.1.0-29-amd64
- Virtualization: none
- Clients: findroid, jellyfin mpv shim, jellyfin android, jelyfin web
- Browser: chrome
- FFmpeg Version: 7.1.1-Jellyfin
- Playback Method: 
- Hardware Acceleration:
- GPU Model:
- Plugins: AudioDB, Chapter Segments Provider, DLNA, Fanart, IMVDb, LrcLib, Merge Versions, MusicBrainz, OMDb, Open Subtitles, Playback Reporting, Reports, Studio Images, Subtitle Extract, TMDb, TMDb Box Sets, TheTVDB
- Reverse Proxy: none
- Base URL: 192.168.1.100
- Networking: HOST
- Storage: local

Jellyfin logs

I checked on the jellyfin logs, there are no entries when I access the filesystem through windows.

FFmpeg logs

Client / Browser logs

No response

Relevant screenshots or videos

Additional information

No response

Originally created by @mrwrenchy on GitHub (May 26, 2025). ### Description of the bug I have a jellyfin server running on my local network, and it is for some reason visible on windows file manager, but that only was not the problem there seems to be some security issue? or something maybe is wrong on my side and I need to fix something, but I can just click on the jellyfin webserver and its accessible without any authentication. ### Reproduction steps I do not know how this is possible, I had also recently formatted this windows PC, so it should not have authenticated in any way to the server. ### What is the current _bug_ behavior? The server can be accessed and files can be transferred without any authentication. ### What is the expected _correct_ behavior? It should either ask me for authentication, or it shouldn't be visible at all. ### Jellyfin Server version 10.10.0+ ### Specify commit id _No response_ ### Specify unstable release number _No response_ ### Specify version number _No response_ ### Specify the build version 10.10.7 ### Environment ```markdown - OS: debian 12 - Linux Kernel: 6.1.0-29-amd64 - Virtualization: none - Clients: findroid, jellyfin mpv shim, jellyfin android, jelyfin web - Browser: chrome - FFmpeg Version: 7.1.1-Jellyfin - Playback Method: - Hardware Acceleration: - GPU Model: - Plugins: AudioDB, Chapter Segments Provider, DLNA, Fanart, IMVDb, LrcLib, Merge Versions, MusicBrainz, OMDb, Open Subtitles, Playback Reporting, Reports, Studio Images, Subtitle Extract, TMDb, TMDb Box Sets, TheTVDB - Reverse Proxy: none - Base URL: 192.168.1.100 - Networking: HOST - Storage: local ``` ### Jellyfin logs ```shell I checked on the jellyfin logs, there are no entries when I access the filesystem through windows. ``` ### FFmpeg logs ```shell ``` ### Client / Browser logs _No response_ ### Relevant screenshots or videos  ### Additional information _No response_

OVERLORD added the bug label 2026-02-07 04:26:20 +03:00

OVERLORD closed this issue 2026-02-07 04:26:22 +03:00

OVERLORD commented 2026-02-07 04:26:23 +03:00

Author

Owner

Copy Link

@jester-xbmc commented on GitHub (May 26, 2025):

Disable the DLNA plugin and try again ?

@jester-xbmc commented on GitHub (May 26, 2025): Disable the DLNA plugin and try again ?

OVERLORD commented 2026-02-07 04:26:24 +03:00

Author

Owner

Copy Link

@mrwrenchy commented on GitHub (May 27, 2025):

Hey, Thank you for the response, that worked for me, closing the issue now :).

@mrwrenchy commented on GitHub (May 27, 2025): Hey, Thank you for the response, that worked for me, closing the issue now :).

OVERLORD referenced this issue 2026-02-07 06:35:14 +03:00

[PR #7078] [MERGED] Improve metadata merge for identify #11258

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release-10.11.z

renovate/skiasharp-monorepo

JPVenson-patch-1

renovate/morestachio-5.x

release-10.9.z

openapi-cache

release-10.10.z

explicit-load

explicit-load-v2

feature/entity-framework

only-count-folder-item

fix/ci-workflow-refactor

release-10.8.z

release-10.7.z

EraYaN-add-management-interface

release-10.6.z

release-10.5.z

release-10.4.z

release-10.3.z

release-10.2.z

release-10.1.0

v10.11.6

v10.11.5

v10.11.4

v10.11.3

v10.11.2

v10.11.1

v10.11.0

v10.11.0-rc9

v10.11.0-rc8

v10.11.0-rc7

v10.11.0-rc6

v10.11.0-rc5

v10.11.0-rc4

v10.11.0-rc3

v10.11.0-rc2

v10.11.0-rc1

v10.10.7

v10.10.6

v10.10.5

v10.10.4

v10.10.3

v10.10.2

v10.10.1

v10.10.0

v10.9.11

v10.9.10

v10.9.9

v10.9.8

v10.9.7

v10.9.6

v10.9.5

v10.9.4

v10.9.3

v10.9.2

v10.9.1

v10.9.0

v10.8.13

v10.8.12

v10.8.11

v10.8.10

v10.8.9

v10.8.8

v10.8.7

v10.8.6

v10.8.5

v10.8.4

v10.8.3

v10.8.2

v10.8.1

v10.8.0

v10.8.0-beta3

v10.8.0-beta2

v10.8.0-beta1

v10.8.0-alpha5

v10.8.0-alpha4

v10.8.0-alpha3

v10.8.0-alpha2

v10.8.0-alpha1

v10.7.7

v10.7.6

v10.7.5

v10.7.4

v10.7.3

v10.7.2

v10.7.1

v10.7.0

v10.7.0-rc4

v10.7.0-rc3

v10.7.0-rc2

v10.7.0-rc1

v10.6.4

v10.6.3

v10.6.2

v10.6.1

v10.6.0

v10.5.5

v10.5.4

v10.5.3

v10.5.2

v10.5.1

v10.5.0

v10.4.3

v10.4.2

v10.4.1

v10.4.0

v10.3.7

v10.3.6

v10.3.5

v10.3.4

v10.3.3

v10.3.2

v10.3.1

v10.3.0

v10.3.0-rc2

v10.3.0-rc1

v10.2.2

v10.2.1

v10.2.0

v10.1.0

v10.0.1

v10.0.0

v10.0.2

v3.5.2-5

Labels

Clear labels

EFjellyfin.db

area:database

awaiting-feedback

backend

blocked

breaking change: web api

bug

build

ci

confirmed

discussion needed

dotnet future

downstream

duplicate

enhancement

feature

future

github-actions

good first issue

hdr

help wanted

invalid

investigation

librarydb

live-tv

lyrics

media playback

music

needs testing

nuget

performance

platform

pull-request

Mirrored from GitHub Pull Request

question

regression

release critical

requires-web

roadmap

security

security

stale

support

syncplay

ui & ux

upstream

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/jellyfin#7040