Lucene search
K

CVE-2026-43884

๐Ÿ—“๏ธย 11 May 2026ย 20:44:08Reported byย GitHub_MTypeย 
cve
ย cve
๐Ÿ”—ย web.nvd.nist.gov๐Ÿ“ฐ๏ธย 1ย Media mentions๐Ÿ‘ย 10ย Views๐ŸŒ WEB

CVE-2026-43884: AVideo SSRF bypass via HTTP redirect to internal metadata after isSSRFSafeURL validation.

Related
Detection
Affected
Refs
Paths
Social
Vulners
Node
wwbnavideoRangeโ‰ค29.0
[
  {
    "vendor": "WWBN",
    "product": "AVideo",
    "versions": [
      {
        "version": "<= 29.0",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
urlrequest bodyplugin/AI/receiveAsync.json.phpSSRF via user-supplied URL validated then fetched, bypassing protections due to redirect to internal addresses.CWE-918
urlrequest bodyobjects/EpgParser.phpSSRF via user-supplied URL validated then fetched, bypassing protections due to redirect to internal addresses.CWE-918

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:50Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.17.7
EPSS0.00348
SSVC
10