Home / Vulnerability Intelligence / CVE-2026-33039

CVE-2026-33039 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 20, 2026

WWBN AVideo - Server Side Request Forgery

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

WWBN AVideo <= 25.0 contains a server-side request forgery caused by insufficient URL validation on HTTP redirects in plugin/LiveLinks/proxy.php, letting attackers access internal services via attacker-controlled redirects, exploit requires crafted URL input.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 1.0%(Probability of exploitation in next 30 days)

Impact

Attackers can access internal network services, potentially exposing sensitive internal data or metadata.

Mitigation

Update to version 26.0 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🟠 CVE-2026-33039 - High (8.6) WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL(), but only checks the initial URL. When the initi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33039/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-33039
Severity: High
CVSS Score: 8.6
Type: server_side_request_forgery
Status: unconfirmed
EPSS: 1.0%
Social Posts: 1

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

1.0%Probability of exploitation in the next 30 days