Directory Traversal Vulnerability in WWBN AVideo Platform
CVE-2026-41062

6.5MEDIUM

Key Information:

Vendor

Wwbn

Status
Avideo
Vendor
CVE Published:
21 April 2026

What is CVE-2026-41062?

The WWBN AVideo platform is susceptible to a directory traversal vulnerability in versions up to 29.0. This flaw arises from a security check that only verifies the URL path component for '..' sequences, allowing attackers to exploit the query string to bypass this verification. By embedding malicious traversal sequences in the URL, an attacker could access arbitrary files on the server, posing significant security risks. The issue has been addressed in a subsequent update that improves the directory traversal protection measures.

Affected Version(s)

AVideo <= 29.0

References

https://github.com/WWBN/AVideo/security/advisories/GHSA-m...
x_refsource_CONFIRM
https://github.com/WWBN/AVideo/security/advisories/GHSA-f...
x_refsource_MISC
https://github.com/WWBN/AVideo/commit/2375eb5e0a6d3cbcfb0...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.