Threats Tagged 'cve-2026-41056'
View all threats tagged with 'cve-2026-41056'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-41056'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-41056: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in WWBN AVideoCVE-2026-41056 0 WWBN AVideo versions 29. 0 and below contain a permissive cross-domain policy vulnerability in the allowOrigin function that reflects arbitrary Origin headers in Access-Control-Allow-Origin with credentials allowed. This affects key API endpoints handling user data and authentication. Combined with the SameSite=None cookie policy, this enables any website to perform credentialed cross-origin requests, potentially exposing user PII, livestream keys, and allowing unauthorized state changes. A fix is committed but no official patch release or advisory is confirmed yet. Join the discussion | CVE Database V5 | 04/21/2026, 22:35:55 UTC Added: 04/22/2026, 05:33:53 UTC |
Showing 1 to 1 of 1 result