ByteOS Network

CVE Vulnerability Details :

CVE-2026-43885

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-11 May, 2026 | 20:45

Updated At-11 May, 2026 | 20:45

▼CVE Numbering Authority (CNA)

WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an updated fix.

Affected Products

Vendor

WWBN

Product

AVideo

Versions

Affected

<= 29.0

Problem Types

Type	CWE ID	Description
CWE	CWE-200	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE	CWE-862	CWE-862: Missing Authorization

Type: CWE

CWE ID: CWE-200

Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Type: CWE

CWE ID: CWE-862

Description: CWE-862: Missing Authorization

Metrics

Version	Base score	Base severity	Vector
4.0	7.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Version: 4.0

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

References

Hyperlink	Resource
https://github.com/WWBN/AVideo/security/advisories/GHSA-xr49-f4rh-qcjf	x_refsource_CONFIRM
https://github.com/WWBN/AVideo/commit/1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b	x_refsource_MISC

Hyperlink: https://github.com/WWBN/AVideo/security/advisories/GHSA-xr49-f4rh-qcjf

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/WWBN/AVideo/commit/1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References