GHSA-QXVM-R42F-5P8J: GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo

1 / 2

GHSA-QXVM-R42F-5P8J: GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo

DEV Community·CVE Reports·17 days ago

#B4rIR9Nw

#security #cve #cybersecurity #ghsa #meet #avideo

Reading 0:00

15s threshold

GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo Vulnerability ID: GHSA-QXVM-R42F-5P8J CVSS Score: 9.8 Published: 2026-05-15 AVideo is vulnerable to a critical authentication bypass within the Meet plugin. An attacker possessing the Meet shared secret can impersonate any user, including administrators, by supplying a crafted filename to the video upload endpoint, leading to complete system compromise. TL;DR A flaw in AVideo's Meet plugin allows authentication bypass and arbitrary user impersonation. By exploiting an insecure passwordless login mechanism linked to video file uploads, an attacker can obtain administrative access.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

GHSA-QXVM-R42F-5P8J: GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo