CVE-2026-3966
CVE-2026-3966 affects the 648540858 wvp-GB28181-pro package up to version 2.7.4-20260107. The issue lies in the getDownloadFilePath function of ABLMediaNodeServerService.java under the IP Address Handler; manipulating the MediaServer.streamIp argument triggers server-side request forgery (SSRF). ...