SSRF Vulnerability in WWBN AVideo Video Platform
CVE-2026-41055

8.6 HIGH

Key Information:

Vendor: Wwbn

Status
Vendor
CVE Published: 21 April 2026

What is CVE-2026-41055?

WWBN AVideo is an open-source video platform. In versions 29.0 and below, the LiveLinks proxy contains a server-side request forgery (SSRF) vulnerability caused by an incomplete fix: the 'isSSRFSafeURL()' validation does not adequately address DNS time-of-check to time-of-use (TOCTOU) issues. A malicious actor could use DNS rebinding to redirect the proxy's requests to internal endpoints, potentially exposing sensitive data. An updated fix for this issue can be found in commit 8d8fc0cadb425835b4861036d589abcea4d78ee8.
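The DNS TOCTOU gap described above, as an added example in Python that is not AVideo's code and not the referenced commit. All function names, the resolver stand-in, the URL and the sample addresses are constructed assumptions; it contrasts validating one lookup and fetching by hostname with resolving once and pinning the validated address.

```python
import ipaddress
from urllib.parse import urlsplit

class RebindingResolver:
    """Constructed stand-in for a short-TTL DNS record that changes between lookups."""
    def __init__(self, answers):
        self.answers, self.calls = list(answers), 0

    def __call__(self, host):
        answer = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return answer

def is_public(ip):
    # Rejects loopback, RFC 1918, link-local (cloud metadata) and other non-global ranges.
    return ipaddress.ip_address(ip).is_global

def _host_port(url):
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("unsupported URL")
    return u.hostname, u.port or (443 if u.scheme == "https" else 80)

def check_then_fetch_target(url, resolve):
    """Flawed pattern: validate one lookup, then let the HTTP client resolve again."""
    host, port = _host_port(url)
    if not all(is_public(ip) for ip in resolve(host)):
        raise ValueError("blocked")
    return resolve(host)[0], port  # second lookup, never validated

def pinned_target(url, resolve):
    """Resolve once, validate every answer, return the exact address to connect to."""
    host, port = _host_port(url)
    ips = resolve(host)
    if not ips or not all(is_public(ip) for ip in ips):
        raise ValueError("blocked: resolves to a non-public address")
    # Connect to ips[0]:port; use `host` only for the Host header and TLS SNI.
    return ips[0], port, host

if __name__ == "__main__":
    url = "http://rebind.example.test/live.m3u8"  # constructed URL
    answers = [["8.8.8.8"], ["127.0.0.1"]]        # constructed: public first, loopback second
    print("check-then-fetch connects to:", check_then_fetch_target(url, RebindingResolver(answers)))
    print("pinned connects to:", pinned_target(url, RebindingResolver(answers)))
```

Pinning only closes the gap if the HTTP client does not follow redirects on its own; each redirect hop has to go through the same resolve, validate and pin steps.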

Affected Version(s)

AVideo < 26.0

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
