High severity8.8NVD Advisory· Published Sep 30, 2020· Updated Jun 17, 2026
CVE-2020-26163
CVE-2020-26163
Description
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- BigBlueButton/Greenlightdescription
- Range: <2.5.6
Patches
Vulnerability mechanics
References
3- github.com/bigbluebutton/greenlight/pull/1543nvdPatchThird Party Advisory
- www.sakshamanand.com/host-header-injection-bigbluebutton/nvdExploitThird Party Advisory
- github.com/bigbluebutton/greenlight/releases/tag/release-2.5.6nvdThird Party Advisory
News mentions
0No linked articles in our index yet.