CVE-2026-40911 | WWBN AVideo up to 29.0 JSON Message script.js eval msg/callback code injection

April 21, 2026 Yanac

A vulnerability identified as critical has been detected in WWBN AVideo up to 29.0. This affects the function eval of the file plugin/YPTSocket/script.js of the component JSON Message Handler. This manipulation of the argument msg/callback causes code injection.

This vulnerability is handled as CVE-2026-40911. The attack can be initiated remotely. There is not any exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More