Home / Vulnerability Intelligence / CVE-2026-29093

CVE-2026-29093 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 6, 2026

WWBN AVideo - Broken Access Control

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

WWBN AVideo prior to 24.0 contains a broken access control vulnerability caused by unauthenticated memcached service exposure on host port 11211, letting attackers read, modify, or flush session data, enabling session hijacking and impersonation, exploit requires network access to port 11211.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can hijack or impersonate admin sessions and destroy multiple sessions, leading to unauthorized access and denial of service.

Mitigation

Update to version 24.0 or later.

References

https://github.com/WWBN/AVideo/releases/tag/24.0
https://github.com/WWBN/AVideo/security/advisories/GHSA-xxpw-32hf-q8v9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29093
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H