VYPR

Vlc Android

by VideoLAN

Source repositories

CVEs (2)

  • CVE-2026-26228MedFeb 26, 2026
    risk 0.32cvss 4.9epss 0.00

    VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory…

  • CVE-2026-26227LowFeb 26, 2026
    risk 0.24cvss 3.7epss 0.00

    VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective…