DNS Rebinding Vulnerability in WWBN AVideo Open Source Video Platform
CVE-2026-45619

6.5MEDIUM

Key Information:

Vendor: Wwbn
Status: Avideo
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-45619?

The AVideo platform, an open-source video solution by WWBN, is susceptible to a DNS rebinding vulnerability in versions 29.0 and earlier. This issue arises from the improper handling of the $resolvedIP output parameter in the isSSRFSafeURL() function across several scripts, such as EpgParser.php and plugin/AI/receiveAsync.json.php. The oversight allows an attacker to exploit DNS pinning through CURLOPT_RESOLVE, potentially compromising the integrity of web sessions. It is crucial for users to assess their deployments and integrate necessary security updates to mitigate this risk.

Affected Version(s)

AVideo <= 29.0

References

https://github.com/WWBN/AVideo/security/advisories/GHSA-c...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45619 Data

JSON

Wwbn

What is CVE-2026-45619?

Affected Version(s)

References

CVSS V3.1

Timeline