9 matches found
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
EUVD-2026-8871
VideoLAN VLC for Android prior to version 3.7.0 contain an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26228
VLC for Android prior to 3.7.0 is affected by a path traversal vulnerability in the Remote Access Server’s GET /download endpoint. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allo...
PT-2026-22170
Name of the Vulnerable Software and Affected Versions VideoLAN VLC for Android versions prior to 3.7.0 Description The Remote Access Server feature in VideoLAN VLC for Android has an authentication bypass due to inadequate rate limiting on one-time password OTP verification. The server utilizes a...
VLC for Android beta - BSD license, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application VLC for Android beta published at the 'play' market has multiple vulnerabilities...