#VU125437 Exposure of Resource to Wrong Sphere in AVideo - CVE-2026-29093

 

Published: April 8, 2026


Vulnerability identifier: #VU125437
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-29093
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: AVideo
Software vendor: World Wide Broadcast Network

Description

The vulnerability allows a remote attacker to read, modify, or flush session data.

The vulnerability exists due to exposure of a resource to the wrong sphere in the memcached service and PHP session store configuration when the published memcached port is reachable over the network. A remote attacker can connect to the exposed memcached service and issue memcached commands to read, alter, or delete session data.

Session data contains authentication state including user identifiers, admin flags, email addresses, and password hashes.
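
A defender's check for the condition described above, as an added example that is not part of the advisory or of AVideo's code. It assumes the deployment publishes ports with Docker Compose short-syntax mappings and that memcached listens on its default port 11211; the service names and sample mappings are constructed.

```python
import ipaddress

MEMCACHED_PORT = 11211  # memcached default port (assumed; the advisory names no port)


def parse_mapping(mapping):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]' into its parts."""
    spec = mapping.split("/", 1)[0].strip()  # drop '/tcp' or '/udp'
    host_ip = None
    if spec.startswith("["):  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:  # IPv4 host address present
        host_ip = parts.pop(0)
    host_port = parts[0] if len(parts) == 2 else None  # None: Docker picks one
    return host_ip, host_port, parts[-1]


def covers(port_spec, port):
    """True if a single port or 'LOW-HIGH' range includes the given port."""
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)


def publishes_beyond_loopback(mapping):
    """True if the mapping publishes the memcached port on a non-loopback address."""
    host_ip, _, container_port = parse_mapping(mapping)
    if not covers(container_port, MEMCACHED_PORT):
        return False
    if not host_ip:  # no host address: Docker binds all interfaces by default
        return True
    return not ipaddress.ip_address(host_ip).is_loopback


def audit(services):
    """Return (service, mapping) pairs that expose memcached to the network."""
    return [(name, m) for name, ports in services.items()
            for m in ports if publishes_beyond_loopback(m)]


# Constructed samples; service names are hypothetical.
WEAK = {"web": ["80:80", "443:443"], "memcached": ["11211:11211"]}
# Loopback-only binding; omitting the mapping entirely also avoids publishing.
FIXED = {"web": ["80:80", "443:443"], "memcached": ["127.0.0.1:11211:11211"]}

if __name__ == "__main__":
    print("weak: ", audit(WEAK))
    print("fixed:", audit(FIXED))
```
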


Remediation

Install the security update from the vendor's website.
