SSRF in Wwbn Avideo
CVE-2026-34740
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Wwbn Avideo — versions <= 26.0
Weakness classification (CWE)
References
- https://github.com/WWBN/AVideo/security/advisories/GHSA-x5vx-vrpf-r45f (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-34740?
- CVE-2026-34740 is a medium-severity vulnerability in Wwbn Avideo, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.5/10. Published 2026-03-31.
- How severe is CVE-2026-34740?
- Medium severity. CVSS v3 base score is 6.5 out of 10.