Back to CVE List

CVE-2026-46404

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Vulnerability Description

BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-918
Source
NVD
Vendor
bigbluebutton
Product
bigbluebutton

External References

Discussion (0)

Add Comment

No comments yet. Be the first!