Tag

Cve-2026-39370

1 brief RSS

WWBN AVideo SSRF Vulnerability via Incomplete CVE-2026-27732 Fix

WWBN AVideo is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix for CVE-2026-27732, allowing authenticated uploaders to bypass SSRF protection by providing a `downloadURL` with a common media extension, leading to internal response exfiltration.

ssrf avideo cve-2026-39370

2r 1t 2c 1i 3w ago