API Vulnerability in WWBN AVideo Open Source Video Platform
CVE-2026-34369

5.3MEDIUM

Key Information:

Vendor: Wwbn
Status: Avideo
Vendor: CVE Published:; 27 March 2026

What is CVE-2026-34369?

The AVideo platform contains a vulnerability in its API endpoints, specifically the get_api_video_file and get_api_video, that allows an attacker to access the full playback sources of password-protected videos without proper authentication. This design flaw allows unverified users to retrieve direct URLs for these videos, bypassing the intended security mechanisms that should enforce password checks. This vulnerability affects all versions of AVideo up to and including version 26.0. A patch has been introduced to address this issue.

Affected Version(s)

AVideo <= 26.0

References

https://github.com/WWBN/AVideo/security/advisories/GHSA-q...

x_refsource_CONFIRM

https://github.com/WWBN/AVideo/commit/be344206f2f461c034a...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-34369 Data

JSON

Wwbn

What is CVE-2026-34369?

Affected Version(s)

References

CVSS V3.1

Timeline