CVE-2026-34731 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: April 1, 2026
WWBN AVideo - Denial of Service
Overview
WWBN AVideo <= 26.0 contains a denial-of-service caused by lack of authentication in on_publish_done.php endpoint in Live plugin, letting unauthenticated attackers terminate any active live stream, exploit requires access to stats.json.php endpoint to enumerate stream keys.
Severity & Score
Impact
Unauthenticated attackers can terminate any active live stream, causing denial of service to live streaming functionality.
Mitigation
Update to the latest version when patches become available.
Social Media Activity(2 posts)
š CVE-2026-34731 - High (7.5) WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to m... š https://www.thehackerwire.com/vulnerability/CVE-2026-34731/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-34731 - High (7.5) WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to m... š https://www.thehackerwire.com/vulnerability/CVE-2026-34731/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-34731
- Severity
- High
- CVSS Score
- 7.5
- Type
- broken_access_control
- Status
- confirmed
- EPSS
- 6.4%
- Social Posts
- 2
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H