CVE-2026-41058 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: April 21, 2026
WWBN AVideo - Path Traversal
Overview
WWBN AVideo <= 29.0 contains a path traversal caused by incomplete filtering of the CloneSite `deleteDump` GET parameter, letting attackers unlink arbitrary files via `../../` sequences, exploit requires crafted request.
Severity & Score
Impact
Attackers can delete arbitrary files on the server, potentially disrupting service or causing data loss.
Mitigation
Update to the version including commit 3c729717c26f160014a5c86b0b6accdbd613e7b2 or later.
References
Social Media Activity(2 posts)
š CVE-2026-41058 - High (8.1) WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in th... š https://www.thehackerwire.com/vulnerability/CVE-2026-41058/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-41058 - High (8.1) WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in th... š https://www.thehackerwire.com/vulnerability/CVE-2026-41058/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-41058
- Severity
- High
- CVSS Score
- 8.1
- Type
- path_traversal
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H