CVE-2026-43885
WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an updated fix.
| CWE | CWE-200, CWE-862 |
| Vendor | wwbn |
| Product | avideo |
| Published | May 11, 2026 |
Affected Versions
WWBN / AVideo
<= 29.0