Main Vulnerability Database Vulnerabilities #VU129507

Missing Authentication for Critical Function in AVideo - #VU129507

Published: May 4, 2026

Vulnerability identifier: #VU129507

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: World Wide Broadcast Network

Affected software:
AVideo

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to missing authentication for a critical function in decryptMessage.json.php when handling PGP decryption requests. A remote attacker can send specially crafted decryption requests to disclose sensitive information and cause a denial of service.

Submitted private key material may be exposed in server memory or logging infrastructure depending on deployment configuration.

Remediation

Install security update from vendor's website.

Missing Authentication for Critical Function in AVideo - #VU129507

Detailed vulnerability description

Remediation

Sources

Please verify you're human