High severity7.5NVD Advisory· Published Mar 27, 2026· Updated Mar 31, 2026
CVE-2026-33867
CVE-2026-33867
Description
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database (via SQL injection, a database backup, or misconfigured access controls), they obtain all video passwords in cleartext. Commit f2d68d2adbf73588ea61be2b781d93120a819e36 contains a patch.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wwbn/avideoPackagist | <= 26.0 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/WWBN/AVideo/commit/f2d68d2adbf73588ea61be2b781d93120a819e36nvdPatchWEB
- github.com/WWBN/AVideo/security/advisories/GHSA-363v-5rh8-23wgnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-363v-5rh8-23wgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33867ghsaADVISORY
News mentions
0No linked articles in our index yet.