Main Vulnerability Database Vulnerabilities #VU125494

Improper Authorization in AVideo - CVE-2026-34738

Published: April 8, 2026

Vulnerability identifier: #VU125494

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-34738

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: World Wide Broadcast Network

Affected software:
AVideo

Detailed vulnerability description

The vulnerability allows a remote user to bypass content moderation workflows.

The vulnerability exists due to improper authorization in the video publishing workflow when handling upload requests with the overrideStatus parameter. A remote user can send a specially crafted upload request to bypass content moderation workflows.

Only users with upload permissions can exploit this issue, and exploitation can make uploaded videos immediately publicly visible when moderation is enabled.

How to mitigate CVE-2026-34738

Install security update from vendor's website.

Sources

https://github.com/WWBN/AVideo/security/advisories/GHSA-m577-w9j8-ch7j

Improper Authorization in AVideo - CVE-2026-34738

Detailed vulnerability description

How to mitigate CVE-2026-34738

Sources

Please verify you're human