CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

CVE-2026-33483

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

CVE-2026-33483

The connected advisory details an unauthenticated, public endpoint in AVideo: objects/aVideoEncoderChunk.json.php, exposed at /aVideoEncoderChunk.json, that accepts POST data without authentication or input size limits. It writes the request body to persistent temp files (e.g., /tmp/YTPChunk_*) w...

Allocation of Resources Without Limits or Throttling

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the aVideoEncoderChunk.json.php endpoint. An attacker can exhaust server disk space by sending large or...