Vulnerability Description
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Commit 8d8fc0cadb425835b4861036d589abcea4d78ee8 contains an updated fix.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wwbn | Avideo | <= 29.0 |
Related Weaknesses (CWE)
References
- https://github.com/WWBN/AVideo/commit/0e56382921fc71e64829cd1ec35f04e338c70917Patch
- https://github.com/WWBN/AVideo/commit/8d8fc0cadb425835b4861036d589abcea4d78ee8Patch
- https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frpExploitMitigationVendor Advisory
- https://github.com/WWBN/AVideo/security/advisories/GHSA-9x67-f2v7-63rwNot Applicable
- https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frpExploitMitigationVendor Advisory
FAQ
What is CVE-2026-41055?
CVE-2026-41055 is a vulnerability with a CVSS score of 8.6 (HIGH). WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities whe...
How severe is CVE-2026-41055?
CVE-2026-41055 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41055?
Check the references section above for vendor advisories and patch information. Affected products include: Wwbn Avideo.