CVE-2026-27467

Low CVSS: 2.0

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allow for malicious server operators to access audio data. The behavior is only incorrect between joining the meeting and the first time the user unmutes. This issue has been fixed in version 3.0.20.

Vendor

Bigbluebutton

Product

Bigbluebutton

CWE

CWE-200

Yayın Tarihi

2026-02-21 08:16:11

Güncelleme

2026-02-26 18:54:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Bigbluebutton LOW Bigbluebutton 2026

Referanslar

https://github.com/bigbluebutton/bigbluebutton/commit/3aa47832bc2b17178799bd932453c226e8f95703 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-6gj9-5rhm-68j8

Benzer Kayıtlar

Medium

CVE-2026-27736

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received wi…

High

CVE-2026-27466

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server…

High

CVE-2025-61601

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-61602

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-55200

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a St…