Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026

Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

CVE-2016-20034

Description

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.

Affected products

Wowza/Streaming Enginellm-fuzzy
Range: = 4.5.0
Wowza Media Systems, LLC./Wowza Streaming Enginev5
Range: 4.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/40133mitreexploit
www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5340.phpmitrevendor-advisory
www.vulncheck.com/advisories/wowza-streaming-engine-privilege-escalation-via-user-editmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000