CVE-2026-29058

{"id": "CVE-2026-29058", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-06T07:16:02.267", "references": [{"url": "https://github.com/WWBN/AVideo-Encoder/security/advisories/GHSA-9j26-99jh-v26q", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0."}, {"lang": "es", "value": "AVideo es un software de plataforma para compartir videos. Antes de la versi\u00f3n 7.0, un atacante no autenticado puede ejecutar comandos arbitrarios del sistema operativo en el servidor inyectando sustituci\u00f3n de comandos de shell en el par\u00e1metro GET base64Url. Esto puede llevar a un compromiso total del servidor, exfiltraci\u00f3n de datos (por ejemplo, secretos de configuraci\u00f3n, claves internas, credenciales) e interrupci\u00f3n del servicio. Este problema ha sido parcheado en la versi\u00f3n 7.0."}], "lastModified": "2026-03-10T19:14:24.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wwbn:avideo-encoder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3524E39-DF7C-4A58-9A7C-E7932948818C", "versionEndExcluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}