Description

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Commit 8d8fc0cadb425835b4861036d589abcea4d78ee8 contains an updated fix.

INFO

Published Date :

2026-04-21T22:25:45.488Z

Last Modified :

2026-04-22T14:00:50.623Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41055 vulnerability.

Vendors Products
Wwbn
  • Avideo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41055.

URL Resource
https://github.com/WWBN/AVideo/commit/0e56382921fc71e64829cd1ec35f04e338c70917 cve-icon cve-icon
https://github.com/WWBN/AVideo/commit/8d8fc0cadb425835b4861036d589abcea4d78ee8 cve-icon cve-icon
https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp cve-icon cve-icon cve-icon
https://github.com/WWBN/AVideo/security/advisories/GHSA-9x67-f2v7-63rw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact