ByteOS Network

NVD Vulnerability Details :

CVE-2026-33763

Analyzed

Source-security-advisories@github.com

Published At-27 Mar, 2026 | 15:16

Updated At-31 Mar, 2026 | 18:44

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_password_is_correct` API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean `passwordIsCorrect` field with no rate limiting, CAPTCHA, or authentication requirement, enabling efficient offline-speed brute-force attacks against video passwords. Commit 01a0614fedcdaee47832c0d913a0fb86d8c28135 contains a patch.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

wwbn>>avideo>>Versions up to 26.0(inclusive)

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-307	Primary	security-advisories@github.com

CWE ID: CWE-307

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/WWBN/AVideo/commit/01a0614fedcdaee47832c0d913a0fb86d8c28135	security-advisories@github.com	Patch
https://github.com/WWBN/AVideo/security/advisories/GHSA-8prq-2jr2-cm92	security-advisories@github.com	Exploit Vendor Advisory

Hyperlink: https://github.com/WWBN/AVideo/commit/01a0614fedcdaee47832c0d913a0fb86d8c28135

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/WWBN/AVideo/security/advisories/GHSA-8prq-2jr2-cm92

Source: security-advisories@github.com

Resource:

Exploit

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History