AVideo Platform Hit by SSRF Vulnerability, Leaking Sensitive Data

CVE Notify is flagging a serious Server-Side Request Forgery (SSRF) vulnerability in the open-source WWBN AVideo platform. Affecting versions 26.0 and prior, the issue stems from an incomplete patch for a previous vulnerability, CVE-2026-27732. The vulnerability lies within objects/aVideoEncoder.json.php, where insufficient validation allows attackers to craft download URLs with common media or archive file extensions. This bypasses SSRF checks, enabling the server to fetch and store arbitrary content, effectively turning an upload-by-URL feature into a data exfiltration tool.

According to CVE Notify, an authenticated uploader can exploit this flaw to reliably extract sensitive server responses. By manipulating the downloadURL parameter, an attacker can trick the AVideo server into making requests to internal or external resources and then capture the responses. This could expose internal network information or other sensitive data that the server has access to, posing a significant risk to system integrity and data confidentiality.
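The following Python is an added illustration, not code from AVideo, the patch or the advisory. It contrasts a check that trusts a download URL because its path ends in a media or archive extension (an assumed reconstruction of the weak logic, not AVideo's actual code) with a host-based check that resolves the target and rejects any non-global address regardless of extension. The extension list, hostnames and addresses are constructed for the example; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Extensions an upload-by-URL feature might accept (constructed sample list).
MEDIA_OR_ARCHIVE_EXT = (".mp4", ".mp3", ".webm", ".zip")


def weak_is_safe(url: str) -> bool:
    """Illustrative weak check (an assumption, not AVideo's code): the URL is
    trusted simply because its path ends in a media or archive extension, so
    an internal address with such a suffix passes."""
    return urlsplit(url).path.lower().endswith(MEDIA_OR_ARCHIVE_EXT)


def _default_resolver(host: str) -> list:
    # Every address the name resolves to, IPv4 and IPv6 alike.
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def hardened_is_safe(url: str, resolver=_default_resolver) -> bool:
    """Allow the fetch only if the scheme is http(s), there is no userinfo and
    every address the host resolves to is globally routable. The extension is
    still required, but it never decides whether the request is safe."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if not parts.path.lower().endswith(MEDIA_OR_ARCHIVE_EXT):
        return False
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]  # literal IP host
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (socket.gaierror, ValueError):
            return False
    # is_global is False for loopback, RFC 1918, link-local, multicast,
    # unspecified and reserved ranges, so all of those are rejected here.
    return bool(addrs) and all(a.is_global for a in addrs)
```

The fetch that follows must connect to the address validated here rather than resolving the name a second time; otherwise a name whose answer changes between validation and fetch defeats the check.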

What This Means For You

  • Immediately update WWBN AVideo instances to the patched version (26.1 or later) to mitigate the SSRF vulnerability and prevent potential data exfiltration by authenticated users.

Related ATT&CK Techniques

Detection Rules

One detection rule (Sigma, also available in 6 SIEM formats) is mapped to MITRE ATT&CK:

  • Web Application Exploitation Attempt — CVE-2026-39370 (severity: high; T1190 Exploit Public-Facing Application, Initial Access)

Source: Shimi's Cyber World

Indicators of Compromise

  • CVE-2026-39370 (SSRF): WWBN AVideo versions 26.0 and prior, component objects/aVideoEncoder.json.php. Allows attacker-controlled downloadURL values with common media or archive extensions to bypass SSRF validation, leading to response exfiltration.
  • CVE-2026-39370 (Information Disclosure): WWBN AVideo versions 26.0 and prior, component objects/aVideoEncoder.json.php. SSRF response-exfiltration primitive due to improper validation of downloadURL.
  • CVE-2026-39370 (Misconfiguration): WWBN AVideo versions 26.0 and prior, component objects/aVideoEncoder.json.php. Incomplete fix for CVE-2026-27732 leading to bypass of SSRF validation.
