Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026

Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

CVE-2016-20035

Description

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.

Affected products

Wowza/Streaming Enginellm-fuzzy
Range: = 4.5.0
Wowza Media Systems, LLC./Wowza Streaming Enginev5
Range: 4.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/40134mitreexploit
www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5341.phpmitrevendor-advisory
www.vulncheck.com/advisories/wowza-streaming-engine-csrf-via-user-edit-endpointmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000