CVE-2026-34740: CWE-918: Server-Side Request Forgery (SSRF) in WWBN AVideo
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's FILTER_VALIDATE_URL, which accepts internal network addresses. Although AVideo has a dedicated isSSRFSafeURL() function for preventing SSRF, it is not called in this code path. This results in a stored server-side request forgery vulnerability that can be used to scan internal networks, access cloud metadata services, and interact with internal services. At time of publication, there are no publicly available patches.
AI Analysis
Technical Summary
The vulnerability in WWBN AVideo (<= 26.0) arises from improper validation of URLs stored via the EPG link feature. Although a function to prevent SSRF exists, it is not invoked, allowing authenticated users with upload permissions to inject URLs that the server fetches on page load. The URL validation relies solely on FILTER_VALIDATE_URL, which permits internal IP addresses, enabling SSRF attacks that can probe internal networks and access sensitive internal services. This is classified as CWE-918 (Server-Side Request Forgery). No official fixes or patches have been released as of the publication date.
Potential Impact
Successful exploitation allows an authenticated user with upload permissions to cause the server to make arbitrary HTTP requests to internal network resources. This can lead to unauthorized internal network scanning and access to sensitive internal services such as cloud metadata endpoints. The vulnerability does not impact confidentiality directly via data exfiltration from the server but poses a significant risk of internal network reconnaissance and potential further exploitation. The CVSS score is 6.5 (medium severity), reflecting network attack vector, low attack complexity, and required privileges.
Mitigation Recommendations
At the time of publication, no official patch or fix is available for this vulnerability. Users should monitor the vendor's advisories for updates. As a temporary mitigation, restrict upload permissions to trusted users only and consider network-level controls to limit the server's ability to access internal or sensitive network resources. Review and modify the code to ensure the isSSRFSafeURL() function is properly called to validate URLs before fetching. Avoid exposing the EPG link feature to untrusted users until a fix is released.
CVE-2026-34740: CWE-918: Server-Side Request Forgery (SSRF) in WWBN AVideo
Description
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's FILTER_VALIDATE_URL, which accepts internal network addresses. Although AVideo has a dedicated isSSRFSafeURL() function for preventing SSRF, it is not called in this code path. This results in a stored server-side request forgery vulnerability that can be used to scan internal networks, access cloud metadata services, and interact with internal services. At time of publication, there are no publicly available patches.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in WWBN AVideo (<= 26.0) arises from improper validation of URLs stored via the EPG link feature. Although a function to prevent SSRF exists, it is not invoked, allowing authenticated users with upload permissions to inject URLs that the server fetches on page load. The URL validation relies solely on FILTER_VALIDATE_URL, which permits internal IP addresses, enabling SSRF attacks that can probe internal networks and access sensitive internal services. This is classified as CWE-918 (Server-Side Request Forgery). No official fixes or patches have been released as of the publication date.
Potential Impact
Successful exploitation allows an authenticated user with upload permissions to cause the server to make arbitrary HTTP requests to internal network resources. This can lead to unauthorized internal network scanning and access to sensitive internal services such as cloud metadata endpoints. The vulnerability does not impact confidentiality directly via data exfiltration from the server but poses a significant risk of internal network reconnaissance and potential further exploitation. The CVSS score is 6.5 (medium severity), reflecting network attack vector, low attack complexity, and required privileges.
Mitigation Recommendations
At the time of publication, no official patch or fix is available for this vulnerability. Users should monitor the vendor's advisories for updates. As a temporary mitigation, restrict upload permissions to trusted users only and consider network-level controls to limit the server's ability to access internal or sensitive network resources. Review and modify the code to ensure the isSSRFSafeURL() function is properly called to validate URLs before fetching. Avoid exposing the EPG link feature to untrusted users until a fix is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:17:10.224Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cc37c3e6bfc5ba1d418a5c
Added to database: 3/31/2026, 9:08:19 PM
Last enriched: 4/8/2026, 12:08:56 AM
Last updated: 5/15/2026, 2:03:22 PM
Views: 49
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.