CVE-2026-40909 | WWBN AVideo up to 29.0 Locale Save Endpoint locale/save.php fwrite flag path traversal (GHSA-6rc6-p838-686f)

A vulnerability described as critical has been identified in WWBN AVideo up to 29.0. Affected is the function fwrite of the file locale/save.php of the component Locale Save Endpoint. The manipulation of the argument flag results in path traversal.

This vulnerability is identified as CVE-2026-40909. The attack can be executed remotely. There is not any exploit available.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More