#CVE202640911

CVE-2026-40911: CWE-94: Improper Control of Generation of Code ('Code Injection' WWBN AVideo (<=29.0) contains a critical CWE-94 code injection vulnerability in the YPTSocket plugin. The WebSocket server forwards attacker-supplied JSON message bodies to all connected clients without sanitizing the 'msg' or 'callback' fi

WWBN AVideo <=29.0 faces CRITICAL code injection (CVSS 10) in YPTSocket. Attackers can hijack sessions & accounts. Patch via commit c08694b or upgrade now. radar.offseq.com/threat/cve-2026-40911-cw... #OffSeq #CVE202640911 #security