CVE-2026-33493 | WWBN AVideo up to 26.0 POST Parameter objects/import.json.php realpath fileURI path traversal

March 23, 2026 Yanac

A vulnerability described as critical has been identified in WWBN AVideo up to 26.0. This issue affects the function realpath of the file objects/import.json.php of the component POST Parameter Handler. Such manipulation of the argument fileURI leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-33493. The attack can only be initiated within the local network. No exploit exists.

It is advisable to implement a patch to correct this issue.VulDB Recent EntriesRead More