Exposure of Resource to Wrong Sphere in AVideo - CVE-2026-29093

 


Published: April 8, 2026


Vulnerability identifier: #VU125437
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-29093
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: World Wide Broadcast Network
Affected software:
AVideo

Detailed vulnerability description

The vulnerability allows a remote attacker to read, modify, or flush session data.

The vulnerability exists due to exposure of a resource to the wrong sphere in the memcached service and PHP session store configuration when the published memcached port is reachable over the network. A remote attacker can connect to the exposed memcached service and issue memcached commands to read, alter, or delete session data.

Session data contains authentication state including user identifiers, admin flags, email addresses, and password hashes.
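A defender-side check for the exposure described above, added here as an example and not taken from the advisory or from AVideo: it audits Docker short-syntax port mappings and flags any that publish memcached beyond loopback. It assumes the port is published through Docker-style mappings and that memcached listens on its default port 11211; the service names and mappings are constructed sample data.

```python
import ipaddress

MEMCACHED_PORT = 11211  # memcached default TCP port (assumed unchanged in the container)

def parse_publish(spec):
    """Split a Docker short-syntax port string into (host_ip, host_port, container_port).

    Accepted forms: "C", "H:C", "IP:H:C", "[IPv6]:H:C", each with optional "/proto".
    """
    spec = spec.split("/", 1)[0]              # drop "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:
        host_ip, host_port, container_port = parts
    elif len(parts) == 2:
        host_port, container_port = parts
    else:                                     # container port only: random host port
        host_port, container_port = None, parts[0]
    return host_ip, host_port, container_port

def covers(port_spec, port):
    """True if a single port or a "lo-hi" range includes the given port."""
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def is_exposed(spec):
    host_ip, _, container_port = parse_publish(spec)
    if not covers(container_port, MEMCACHED_PORT):
        return False
    # With no host IP, Docker binds the published port on all interfaces.
    return host_ip is None or not ipaddress.ip_address(host_ip).is_loopback

def audit(services):
    """Return (service, mapping) pairs that publish memcached beyond loopback."""
    return [(name, spec) for name, ports in services.items()
            for spec in ports if is_exposed(spec)]

# Constructed sample: service name -> list of port mappings.
SAMPLE = {
    "web": ["80:80", "443:443"],
    "memcached": ["11211:11211"],
    "cache_local": ["127.0.0.1:11211:11211/tcp"],
    "cache_v6": ["[::1]:11211:11211"],
    "cache_any": ["0.0.0.0:21211:11211"],
}

if __name__ == "__main__":
    for name, spec in audit(SAMPLE):
        print(f"{name}: memcached published beyond loopback via {spec!r}")
```

A mapping with no findings only shows the port is not published by Docker; host firewall rules and any memcached instance running outside containers need a separate check.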


How to mitigate CVE-2026-29093

Install the security update from the vendor's website.
