{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33297/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-33297","credential-access","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWWBN AVideo is an open-source video platform. A critical vulnerability exists in versions prior to 26.0 within the CustomizeUser plugin. Specifically, the \u003ccode\u003esetPassword.json.php\u003c/code\u003e endpoint is susceptible to a logic error affecting channel password assignments. When an administrator attempts to set a channel password containing non-numeric characters for any user, the system incorrectly coerces the password to the integer zero before storing it. This effectively sets the channel password to \u0026lsquo;0\u0026rsquo;…\u003c/p\u003e\n","date_modified":"2026-03-23T14:16:33Z","date_published":"2026-03-23T14:16:33Z","id":"/briefs/2024-01-avideo-password-bypass/","summary":"WWBN AVideo versions prior to 26.0 are vulnerable to a credential access vulnerability where passwords containing non-numeric characters are incorrectly processed, effectively setting the password to '0' and allowing trivial channel access bypass.","title":"WWBN AVideo Channel Password Bypass Vulnerability (CVE-2026-33297)","url":"https://feed.craftedsignal.io/briefs/2024-01-avideo-password-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33297","version":"https://jsonfeed.org/version/1.1"}