CVE-2026-27736

Medium CVSS: 6.1

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No known workarounds are available.

Vendor

Bigbluebutton

Product

Bigbluebutton

CWE

CWE-601

Yayın Tarihi

2026-02-25 17:25:40

Güncelleme

2026-03-05 18:26:56

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Bigbluebutton MEDIUM Bigbluebutton 2026

Referanslar

https://github.com/bigbluebutton/bigbluebutton/commit/691f92f3af0d6b796b91cb968977068663119812 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrx

Benzer Kayıtlar

High

CVE-2026-27466

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server…

Low

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the m…

High

CVE-2025-61601

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-61602

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-55200

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a St…