Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 26, 2026
BigBlueButton has Open Redirect vulnerability in ApiController
CVE-2026-27736
Description
BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.0.20+ 1 more
- (no CPE)range: <3.0.20
- (no CPE)range: >= 3.0.0, < 3.0.20
Patches
Vulnerability mechanics
References
2- github.com/bigbluebutton/bigbluebutton/commit/691f92f3af0d6b796b91cb968977068663119812mitrex_refsource_MISC
- github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.