high advisory

WWBN AVideo Unauthenticated decryptString Vulnerability

WWBN AVideo, up to version 26.0, contains an improper authentication vulnerability (CVE-2026-33512) in the API plugin's `decryptString` action, allowing unauthenticated users to decrypt publicly accessible ciphertext and potentially recover protected tokens/metadata.

WWBN AVideo is an open-source video platform. Versions up to and including 26.0 are vulnerable to an improper authentication issue within the API plugin. The `decryptString` action, intended for internal decryption processes, is exposed without any authentication requirements. Attackers can exploit this vulnerability to submit ciphertext, which is publicly accessible through endpoints like `view/url2Embed.json.php`, and receive the corresponding plaintext. Successful exploitation allows…

Detection coverage 2

Detect AVideo Unauthenticated decryptString Request

high

Detects unauthenticated requests to the AVideo decryptString API endpoint, indicative of CVE-2026-33512 exploitation attempts.

sigma; tactics: initial_access; techniques: T1190; sources: webserver, linux

Detect AVideo Public Ciphertext Access

low

Detects access to the public ciphertext endpoint url2Embed.json.php which may be used to gather ciphertext for CVE-2026-33512 exploitation.

sigma; tactics: discovery; techniques: T1595.002; sources: webserver, linux
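
The two detections above can be combined into one check over web server access logs. The following is an added example, not the platform's Sigma rules (which are not shown on this page): it flags every request that names `decryptString` and records whether the same client fetched `url2Embed.json.php` shortly before. The log lines, the `/EXAMPLE-API-PATH` path, the query parameter names and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed access-log lines (combined format). "/EXAMPLE-API-PATH" and the
# query parameters are placeholders; only "decryptString" and
# "view/url2Embed.json.php" come from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2026:10:00:01 +0000] "GET /view/url2Embed.json.php?url=x HTTP/1.1" 200 512 "-" "curl/8.5"
198.51.100.7 - - [12/Mar/2026:10:00:04 +0000] "GET /EXAMPLE-API-PATH?action=decryptString&string=AAAA HTTP/1.1" 200 96 "-" "curl/8.5"
203.0.113.20 - - [12/Mar/2026:10:05:00 +0000] "GET /view/url2Embed.json.php?url=y HTTP/1.1" 200 498 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2026:11:30:00 +0000] "POST /EXAMPLE-API-PATH?action=DecryptString HTTP/1.1" 403 20 "-" "python-requests/2.31"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def scan(log_text, window=timedelta(minutes=10)):
    """Report each decryptString request and whether the same client fetched
    url2Embed.json.php (the public ciphertext source) within `window` before it."""
    last_embed = {}  # client IP -> time of most recent url2Embed.json.php hit
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, uri, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        target = unquote(uri).lower()  # normalise case and percent-encoding
        if "url2embed.json.php" in target:
            last_embed[ip] = when
        elif "decryptstring" in target:
            seen = last_embed.get(ip)
            alerts.append({
                "client": ip,
                "time": when.isoformat(),
                "method": method,
                "served": status == "200",  # server answered the request with 200
                "ciphertext_fetch_seen": seen is not None and when - seen <= window,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

An action name sent only in a POST body does not appear in a standard access log, so this check covers query-string requests only.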
