CVE-2026-34732 - Vulnerability Analysis
MediumCVSS: 5.3Last Updated: April 1, 2026
WWBN AVideo - Broken Access Control
Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable
Overview
WWBN AVideo <= 26.0 contains an information disclosure vulnerability caused by missing authentication and authorization checks in the CreatePlugin list.json.php template, letting unauthenticated attackers access sensitive data, exploit requires no authentication.
Severity & Score
Severity: Medium
CVSS Score: 5.3
Impact
Unauthenticated attackers can access sensitive user and system data, risking privacy breaches and data exposure.
Mitigation
Update to the latest version once patches are available or implement authentication checks on list.json.php endpoints.
Related Resources
Details
- CVE ID
- CVE-2026-34732
- Severity
- Medium
- CVSS Score
- 5.3
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N