LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-33478

CVE-2026-33478 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: March 24, 2026

WWBN AVideo - Remote Code Execution

Published: March 23, 2026Updated: March 24, 2026Remote Exploitable

Overview

WWBN AVideo <= 26.0 contains multiple vulnerabilities in the CloneSite plugin including unauthenticated exposure of clone secret keys and OS command injection in rsync command construction, letting unauthenticated attackers achieve remote code execution.

Severity & Score

Severity: Critical
CVSS Score: 10.0
EPSS Score: 195.3%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary system commands, leading to full server compromise.

Mitigation

Update to the version including commit c85d076375fab095a14170df7ddb27058134d38c or later.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 30, 2026

📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1724 Severity: - Critical: 160 - High: 649 - Medium: 676 - Low: 49 - None: 190 Status: - : 20 - Analyzed: 407 - Awaiting Analysis: 410 - Modified: 55 - Received: 778 - Rejected: 23 - Undergoing Analysis: 31 Top CNAs: - GitHub, Inc.: 426 - Patchstack: 248 - VulDB: 159 - VulnCheck: 124 - kernel.org: 122 - Apple Inc.: 87 - MITRE: 74 - Mozilla Corporation: 47 - Wordfence: 46 - Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33 Top Affected Products: - UNKNOWN: 1239 - Apple Macos: 76 - Mozilla Firefox: 45 - Apple Ipados: 41 - Apple Iphone Os: 41 - Wwbn Avideo: 34 - Apple Visionos: 28 - Apple Watchos: 21 - Open-emr Openemr: 20 - Hcltech Aftermarket Cloud: 17 Top EPSS Score: - CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634) - CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526) - CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478) - CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854) - CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748) - CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515) - CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396) - CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611) - CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829) - CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)

View original post

Related Resources

Details

CVE ID
CVE-2026-33478
Severity
Critical
CVSS Score
10.0
Type
command_injection
Status
unconfirmed
EPSS
195.3%
Social Posts
1

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

195.3%Probability of exploitation in the next 30 days