What is CVE-2026-46337?

CVE-2026-46337 is a medium-severity vulnerability in Wwbn Avideo, classified under Path Traversal. CVSS score: 5.3/10. Published 2026-05-29.

How severe is CVE-2026-46337?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Path Traversal in Wwbn Avideo

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Wwbn Avideo — versions <= 29.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-46337?: CVE-2026-46337 is a medium-severity vulnerability in Wwbn Avideo, classified under Path Traversal. CVSS score: 5.3/10. Published 2026-05-29.
How severe is CVE-2026-46337?: Medium severity. CVSS v3 base score is 5.3 out of 10.