CVE-2026-41055— WWBN AVideo 代码问题漏洞

AVideo has an incomplete fix for CVE-2026-33039 (SSRF)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Commit 8d8fc0cadb425835b4861036d589abcea4d78ee8 contains an updated fix.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

服务端请求伪造(SSRF)

WWBN AVideo 代码问题漏洞

WWBN AVideo是WWBN团队的一个由PHP编写的视频平台建站系统。 WWBN AVideo 29.0及之前版本存在代码问题漏洞，该漏洞源于LiveLinks代理中SSRF修复不完整，DNS TOCTOU漏洞可能导致DNS重定向到内部端点。

N/A

N/A