{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-41055/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.6,"id":"CVE-2026-41055"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","avideo","cve-2026-41055"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWWBN AVideo, an open-source video platform, is vulnerable to Server-Side Request Forgery (SSRF) in versions 29.0 and below. The vulnerability, identified as CVE-2026-41055, stems from an incomplete fix in the LiveLinks proxy. While the fix introduced \u003ccode\u003eisSSRFSafeURL()\u003c/code\u003e validation, it fails to address Time-of-Check Time-of-Use (TOCTOU) vulnerabilities related to DNS rebinding. This flaw allows attackers to bypass the intended SSRF protection by manipulating DNS responses between the validation check and the actual HTTP request, potentially redirecting traffic to internal, sensitive endpoints. The vulnerability can be remediated by applying the updated fix found in commit 8d8fc0cadb425835b4861036d589abcea4d78ee8. 
Exploitation could lead to information disclosure or unauthorized access to internal services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an AVideo instance running a vulnerable version (\u0026lt;= 29.0).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a URL targeting the AVideo LiveLinks proxy feature.\u003c/li\u003e\n\u003cli\u003eThe hostname in that URL is served by DNS infrastructure the attacker controls and is set up for DNS rebinding: a very short TTL so that each lookup is answered fresh, with the answer changing between lookups.\u003c/li\u003e\n\u003cli\u003eThe AVideo server validates the URL with \u003ccode\u003eisSSRFSafeURL()\u003c/code\u003e; the first DNS lookup returns a public, external IP address, so the check passes.\u003c/li\u003e\n\u003cli\u003eAfter validation, but before the HTTP request is made, the DNS answer for the same hostname changes to an internal IP address (for example a loopback, RFC 1918 or link-local address).\u003c/li\u003e\n\u003cli\u003eBecause the HTTP client resolves the hostname a second time instead of connecting to the address that was checked (the TOCTOU window), the AVideo server sends the request to the internal IP address the attacker chose.\u003c/li\u003e\n\u003cli\u003eThe attacker reaches internal resources or services through the AVideo server.\u003c/li\u003e\n\u003cli\u003eAttacker exfiltrates sensitive data or pivots to other internal systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability (CVE-2026-41055) in WWBN AVideo could allow attackers to reach internal resources that are not intended to be exposed to the public internet. Depending on which services are reachable from the AVideo server and whether they accept unauthenticated requests, an attacker could read internal configuration or metadata, query databases or management interfaces, or trigger actions on internal systems. 
The specific impact will vary depending on the organization\u0026rsquo;s internal network configuration and the services running behind the AVideo server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade WWBN AVideo to a version containing the complete SSRF fix, referencing commit 8d8fc0cadb425835b4861036d589abcea4d78ee8. If you maintain a fork or backport, verify that the LiveLinks proxy connects to the address that was validated rather than letting the HTTP client resolve the hostname a second time; a hostname check on its own does not close the DNS rebinding window.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and egress filtering so that the AVideo server can reach only the internal resources it needs; this limits what any SSRF can touch even if a further bypass appears.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious AVideo SSRF Attempt\u003c/code\u003e to detect potential exploitation attempts via web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor the \u003ccode\u003enetwork_connection\u003c/code\u003e log source (host or firewall connection telemetry; the web server access log records inbound requests only) for unusual outbound connections from the AVideo server to internal IP addresses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-wwbn-avideo-ssrf/","summary":"WWBN AVideo versions 29.0 and below are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix in the LiveLinks proxy, potentially allowing attackers to redirect traffic to internal endpoints.","title":"WWBN AVideo SSRF Vulnerability (CVE-2026-41055)","url":"https://feed.craftedsignal.io/briefs/2026-04-wwbn-avideo-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-41055","version":"https://jsonfeed.org/version/1.1"}
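The check-then-fetch window described in the attack chain, and the resolve-once, connect-to-the-checked-address pattern that closes it, as an added Python example. This is not AVideo's code (AVideo is PHP, and `isSSRFSafeURL()` is not reproduced here) and says nothing about what the referenced commit actually changed. The hostname `stream.attacker.example`, the scripted DNS answers and the `RebindingResolver` class are constructed so the example runs offline; in production the resolver would be `socket.getaddrinfo()` and the "connection" a socket opened to the pinned IP.

```python
"""Check-then-fetch SSRF guard (open to DNS rebinding) beside a
resolve-once, pin-the-IP guard. DNS and the socket layer are simulated
so the example runs offline (constructed example, not AVideo's code)."""
import ipaddress
from typing import Callable, Iterable, Tuple
from urllib.parse import urlparse

Resolver = Callable[[str], str]


class RebindingResolver:
    """Constructed stand-in for an attacker-controlled authoritative DNS
    server: each successive lookup of any name gets the next scripted
    answer (a near-zero TTL is what makes a real client ask again)."""

    def __init__(self, answers: Iterable[str]):
        self._answers = list(answers)
        self.lookups = 0

    def __call__(self, host: str) -> str:
        answer = self._answers[min(self.lookups, len(self._answers) - 1)]
        self.lookups += 1
        return answer


def is_public_address(ip_str: str) -> bool:
    """True only for globally routable unicast addresses: rejects loopback,
    RFC 1918, link-local (including 169.254.169.254), CGNAT and multicast."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not ip.is_multicast


def resolve_target(host: str, resolver: Resolver) -> str:
    """IP literals are used as-is; any other hostname goes to DNS once.
    Real code should use socket.getaddrinfo() and validate *every* address
    it returns, which also normalises decimal/octal/hex IP encodings."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return resolver(host)


def _hostname(url: str) -> str:
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    return parsed.hostname


def fetch_check_then_resolve(url: str, resolver: Resolver) -> str:
    """Vulnerable pattern: validate the hostname by resolving it, then hand
    the URL to an HTTP client that resolves the hostname again.
    Returns the IP the request actually goes to."""
    host = _hostname(url)
    if not is_public_address(resolve_target(host, resolver)):      # check
        raise PermissionError(f"blocked: {host} resolves to a non-public address")
    # ... time passes; the HTTP client performs its own lookup ...
    return resolve_target(host, resolver)                          # use


def fetch_pinned(url: str, resolver: Resolver) -> Tuple[str, str]:
    """Hardened pattern: resolve exactly once, validate that address and
    connect to it directly, sending the original hostname as the Host
    header (and SNI for https). Returns (connected_ip, host_header)."""
    host = _hostname(url)
    ip = resolve_target(host, resolver)
    if not is_public_address(ip):
        raise PermissionError(f"blocked: {host} resolves to {ip}")
    # Real code: socket.create_connection((ip, port)); a later DNS answer
    # can no longer change where the bytes go.
    return ip, host


def is_blocked(fetch, url: str, resolver: Resolver) -> bool:
    """Helper for tests: True if the guard refused the URL."""
    try:
        fetch(url, resolver)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    url = "http://stream.attacker.example/live.m3u8"   # constructed hostname
    rebinding = ["93.184.216.34", "127.0.0.1"]           # public first, then loopback
    print("check-then-resolve connects to:", fetch_check_then_resolve(url, RebindingResolver(rebinding)))
    print("pinned connects to:", fetch_pinned(url, RebindingResolver(rebinding)))
```

Two caveats a practitioner will want: redirects must go through `fetch_pinned` again for every hop, since a 3xx to an internal host is the same bypass by another route; and when `getaddrinfo()` returns several records, all of them must pass the check, not just the first.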