CVE-2026-46404
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vulnerability Description
BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-918
Source
NVD
Vendor
bigbluebutton
Product
bigbluebutton
Discussion (0)
Add Comment
No comments yet. Be the first!