Security Advisory

CVE-2026-35450

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-06 21:46:54
Last updated 2026-04-07 16:21:46
Assigner GitHub_M
State PUBLISHED

Description

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints (kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php) require User::isAdmin().
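A static check for the inconsistency described above, as an added example that is not AVideo's code or part of the advisory: it lists FFmpeg endpoint files whose source contains no `User::isAdmin()` call outside comments. The file bodies, the `*ffmpeg*.php` glob and the function names are constructed for illustration; only the file names and the guard come from the advisory.

```python
import re
import tempfile
from pathlib import Path

# Guard the advisory says the sibling endpoints require (PHP names are case-insensitive).
GUARD = re.compile(r"\bUser\s*::\s*isAdmin\s*\(", re.IGNORECASE)
# PHP comments (/* */, //, #). String literals are not parsed, so treat the
# result as a prompt for manual review rather than a verdict.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def unguarded_endpoints(plugin_dir, pattern="*ffmpeg*.php"):
    """Return sorted names of matching files with no User::isAdmin() call in live code."""
    flagged = []
    for path in Path(plugin_dir).glob(pattern):
        source = path.read_text(encoding="utf-8", errors="replace")
        if not GUARD.search(COMMENTS.sub("", source)):
            flagged.append(path.name)
    return sorted(flagged)


def build_sample_tree(root):
    """Write constructed stand-in files (placeholder bodies, not AVideo source)."""
    guarded = "<?php\nif (!User::isAdmin()) {\n    die('forbidden');\n}\n// placeholder body\n"
    # The guard appears only in a comment here, so it must not count.
    unguarded = "<?php\n// TODO: add User::isAdmin() check\necho 'placeholder';\n"
    files = {
        "kill.ffmpeg.json.php": guarded,
        "list.ffmpeg.json.php": guarded,
        "ffmpeg.php": guarded,
        "check.ffmpeg.json.php": unguarded,
    }
    for name, body in files.items():
        Path(root, name).write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name in unguarded_endpoints(tmp):
            print("no admin guard:", name)
```

A match only shows the call is present, not that its result is enforced, so unflagged files still merit a read-through.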