CVE-2026-39368— WWBN AVideo 代码问题漏洞

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL and trigger server-side requests to loopback or internal HTTP services through the restream log feature.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

服务端请求伪造(SSRF)

WWBN AVideo 代码问题漏洞

WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 26.0及之前版本存在代码问题漏洞，该漏洞源于Live重流日志回调流程接受攻击者控制的URL，可能导致存储型服务端请求伪造。

N/A

N/A