Denial of Service Vulnerability in WWBN AVideo Live Streaming Platform
CVE-2026-34731

7.5HIGH

Key Information:

Vendor: Wwbn
Status: Avideo
Vendor: CVE Published:; 31 March 2026

What is CVE-2026-34731?

The AVideo platform, developed by WWBN, is susceptible to a vulnerability that allows unauthenticated users to disrupt live streams. Specifically, the on_publish_done.php endpoint in the Live plugin fails to implement necessary authentication or authorization checks, enabling attackers to terminate any active live broadcast. By exploiting the stats.json.php endpoint, which reveals active stream keys, an attacker can send specially crafted POST requests to the vulnerable endpoint, consequently causing service interruption across the platform's live streaming capabilities. As of now, no patches have been released to address this issue.

Affected Version(s)

AVideo <= 26.0

References

https://github.com/WWBN/AVideo/security/advisories/GHSA-4...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34731 Data

JSON

Wwbn

What is CVE-2026-34731?

Affected Version(s)

References

CVSS V3.1

Timeline