Tag

Cve-2026-33502

1 brief RSS

AVideo Unauthenticated Server-Side Request Forgery Vulnerability

AVideo versions up to 26.0 are vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the `plugin/Live/test.php` endpoint, allowing attackers to make the server send arbitrary HTTP requests, potentially exposing internal resources and cloud metadata.

ssrf avideo cve-2026-33502 webserver

2r 1t Mar 23, 2026