CVE-2026-26227 | VideoLAN VLC up to 3.6.x on Android Remote Access Server user_session excessive authentication

A vulnerability was found in VideoLAN VLC up to 3.6.x on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Remote Access Server. The manipulation of the argument user_session results in improper restriction of excessive authentication attempts.

This vulnerability was named CVE-2026-26227. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More