CVE-2026-33493 - Vulnerability Analysis
HighCVSS: 7.1Last Updated: March 24, 2026
WWBN AVideo - Broken Access Control
Published: March 23, 2026Updated: March 24, 2026PoC AvailableRemote Exploitable
Overview
WWBN AVideo <= 26.0 contains a broken access control vulnerability caused by insufficient directory restriction in objects/import.json.php allowing authenticated users with upload permission to access or delete other users' private video and adjacent files.
Severity & Score
Severity: High
CVSS Score: 7.1
Impact
Authenticated users with upload permission can steal or delete other users' private video and adjacent files, compromising data confidentiality and integrity.
Mitigation
Update to the version including commit e110ff542acdd7e3b81bdd02b8402b9f6a61ad78 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-33493
- Severity
- High
- CVSS Score
- 7.1
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N