Auth bypass in Wwbn Avideo

CVE-2026-43885

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in. C…

Vulnerability class: Information Disclosure

EPSS: 0.001 (20.5th percentile) — read the EPSS interpretation.