Main Vulnerability Database Vulnerabilities #VU125494

#VU125494 Improper Authorization in AVideo - CVE-2026-34738

Published: April 8, 2026

Vulnerability identifier: #VU125494

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-34738

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
AVideo

Software vendor:
World Wide Broadcast Network

Description

The vulnerability allows a remote user to bypass content moderation workflows.

The vulnerability exists due to improper authorization in the video publishing workflow when handling upload requests with the overrideStatus parameter. A remote user can send a specially crafted upload request to bypass content moderation workflows.

Only users with upload permissions can exploit this issue, and exploitation can make uploaded videos immediately publicly visible when moderation is enabled.

Remediation

Install security update from vendor's website.

External links

https://github.com/WWBN/AVideo/security/advisories/GHSA-m577-w9j8-ch7j

#VU125494 Improper Authorization in AVideo - CVE-2026-34738

Description

Remediation

External links

Please verify you're human