Home / Vulnerability Intelligence / CVE-2026-29093

CVE-2026-29093 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 9, 2026

WWBN AVideo - Broken Access Control

Published: March 6, 2026Updated: March 9, 2026Remote Exploitable

Overview

WWBN AVideo prior to 24.0 contains a broken access control vulnerability caused by unauthenticated memcached service exposure on host port 11211, letting attackers read, modify, or flush session data, enabling session hijacking and impersonation, exploit requires network access to port 11211.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 5.0%(Probability of exploitation in next 30 days)

Impact

Attackers can hijack or impersonate admin sessions and destroy multiple sessions, leading to unauthorized access and denial of service.

Mitigation

Update to version 24.0 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🟠 CVE-2026-29093 - High (8.1) WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user s... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-29093
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed
EPSS: 5.0%
Social Posts: 1

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.0%Probability of exploitation in the next 30 days