CVE-2026-33488 - Vulnerability Analysis
HighCVSS: 7.4Last Updated: March 24, 2026
WWBN AVideo - Authentication Bypass & Denial of Service
Published: March 23, 2026Updated: March 24, 2026PoC AvailableRemote Exploitable
Overview
WWBN AVideo <= 26.0 contains a broken authentication caused by use of weak 512-bit RSA keys in the LoginControl plugin's PGP 2FA system and unauthenticated key generation endpoints, letting attackers bypass 2FA and cause resource exhaustion, exploit requires no authentication.
Severity & Score
Severity: High
CVSS Score: 7.4
Impact
Attackers can bypass two-factor authentication and cause CPU exhaustion via unauthenticated key generation.
Mitigation
Apply patch from commit 00d979d87f8182095c8150609153a43f834e351e or update to a fixed version.
References
Related Resources
Details
- CVE ID
- CVE-2026-33488
- Severity
- High
- CVSS Score
- 7.4
- Type
- broken_authentication
- Status
- confirmed
CWE
- CWE-326
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N