CVE-2026-34740 - Vulnerability Analysis
MediumCVSS: 6.5Last Updated: April 1, 2026
WWBN AVideo - Server Side Request Forgery
Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable
Overview
WWBN AVideo <= 26.0 contains a stored server-side request forgery caused by insufficient URL validation in the EPG link feature, letting authenticated users with upload permissions scan internal networks and access internal services, exploit requires upload permissions.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Authenticated users with upload permissions can perform SSRF to scan internal networks and access sensitive internal services.
Mitigation
Update to the latest version once a patch is available or implement proper SSRF protections.
Related Resources
Details
- CVE ID
- CVE-2026-34740
- Severity
- Medium
- CVSS Score
- 6.5
- Type
- server_side_request_forgery
- Status
- confirmed
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N