Skip to content
ProtocolPorts

Port reference

Port 32400 (TCP) – Plex Media Server

Default HTTP port for Plex Media Server, serving the web app, API, and media streaming to clients.

tcpRegisteredCommonly attacked

Default state

Open on Plex Media Server hosts; often reachable via remote access and sometimes exposed directly to the internet.

Common attacks

  • Unauthorized access to exposed media libraries and the web API
  • Account/token abuse to reach a server without local credentials
  • Exploitation of past Plex vulnerabilities (SSRF, UDP amplification)
  • Scanning and indexing of internet-exposed Plex servers

CVE-2020-5740

Hardening

  • Keep Plex Media Server updated to patch known vulnerabilities
  • Require Plex authentication and disable insecure/anonymous access
  • Avoid direct internet exposure; use Plex relay or a VPN
  • Disable the GDM/DLNA discovery services if unused
  • Run Plex as an unprivileged user and restrict library file permissions

nmap snippet

nmap -p32400 --script http-title <target>

Replace <target> with the host or range you're authorized to scan.

What runs on port 32400?

Port 32400 is the default for Plex Media Server. It serves the web app, the HTTP API, and media streaming to Plex clients on your network and, via remote access, beyond it. Companion services include DLNA and GDM discovery. The server indexes your media libraries and authenticates clients against your Plex account.

Why it matters for security

A directly exposed 32400 can leak media libraries and expose the web API. Plex has had real vulnerabilities — including a UDP amplification vector and SSRF/path-traversal flaws (e.g. CVE-2020-5740) — so an unpatched, internet-facing server is a meaningful risk. Account and token abuse can also let an attacker reach a server without local credentials.

How it's attacked

Attackers scan for exposed Plex servers (which are widely indexed) and probe the web API for unauthenticated access to libraries. They exploit known CVEs on unpatched servers — SSRF and amplification — and attempt account/token abuse to reach servers remotely.

Hardening checklist

Keep Plex updated — patching closes the known SSRF and amplification issues. Require Plex authentication and disable insecure or anonymous access. Avoid direct internet exposure: rely on Plex relay or a VPN instead of opening 32400. Disable GDM/DLNA if unused, run Plex as an unprivileged user, and restrict library file permissions. Use the nmap snippet above against servers you operate.

Related ports

Port 32469Port 8324Port 1900

Frequently asked questions

Should I expose port 32400 to the internet?
Prefer not to. Plex's remote access and relay handle external streaming without opening 32400 directly. If you must, keep the server fully patched and require Plex account authentication, since exposed servers are scanned and indexed.
Has Plex had security vulnerabilities?
Yes. Plex Media Server has had issues including a UDP amplification vector and SSRF/path traversal flaws (e.g. CVE-2020-5740). Keeping the server updated is the single most important mitigation.