CVE-2026-33763
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_password_is_correct` API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a boolean `passwordIsCorrect` field with no rate limiting, CAPTCHA, or authentication requirement, enabling efficient offline-speed brute-force attacks against video passwords. Commit 01a0614fedcdaee47832c0d913a0fb86d8c28135 contains a patch.
Vendor
Product
CWE
Yayın Tarihi
2026-03-27 15:16:58
Güncelleme
2026-03-31 18:44:43
Source Identifier
security-advisories@github.com
KEV Date Added
-