The vulnerability CVE-2026-22800 affects PILOS, a frontend for BigBlueButton used for live online seminars. The flaw lies in an administrative API endpoint responsible for terminating all active video conferences on a server. This endpoint is accessible via an HTTP GET request, which is inappropriate for destructive actions as GET requests are expected to be safe and idempotent. Although proper authorization checks are in place, preventing cross-site exploitation, the endpoint can be triggered implicitly through same-site content, such as embedded resources within the application interface. This means that an authenticated administrator, while browsing or interacting with crafted content inside the application, may unknowingly invoke the endpoint, causing an unintended termination of all active video conferences. This vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The impact on confidentiality and integrity is minimal since authorization is enforced and no data leakage occurs, but availability is affected due to the forced termination of active sessions. The vulnerability is fixed in PILOS version 4.10.0 by presumably changing the HTTP method or adding CSRF protections. No known exploits are reported in the wild, and the CVSS v3.1 base score is 2.4, reflecting a low severity primarily due to the requirement for administrator privileges and user interaction.

For European organizations using PILOS versions prior to 4.10.0, this vulnerability could lead to denial of service for live online seminars and video conferences by abruptly terminating all active sessions on a server. This disruption could affect critical meetings, training sessions, or educational activities, potentially causing operational delays and reputational damage. Since the vulnerability requires an authenticated administrator to interact with crafted content, the risk is somewhat limited to insider threats or targeted social engineering attacks. However, in environments where PILOS is heavily used for remote collaboration or e-learning, such disruptions could impact productivity and continuity. The impact on confidentiality and integrity is negligible, but availability is compromised. Organizations relying on PILOS for critical communication should prioritize patching to avoid service interruptions.

European organizations should upgrade PILOS to version 4.10.0 or later, where this vulnerability is fixed. Until upgrading, administrators should avoid interacting with untrusted or suspicious content within the application to prevent inadvertent triggering of the endpoint. Implementing Content Security Policy (CSP) and restricting embedded content can reduce the risk of same-site CSRF triggers. Additionally, reviewing and restricting administrative access to trusted personnel only will limit exposure. Monitoring logs for unusual API calls to the termination endpoint can help detect attempted exploitation. Finally, consider isolating the administrative interface from general user access or using multi-factor authentication to reduce the risk of compromised administrator accounts.