Ghostwire

CVE-2026-43881: AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the...

MEDIUM CVSS 5.3 Exploit Available

Published: May 5, 2026 | Last Modified: May 5, 2026

Description

AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/WWBN/AVideo/security/advisories/GHSA-6rvw-7p8v-mjfq
github.com/WWBN/AVideo/commit/d9cdc702481a626b15f814f6093f1e2a9c20d375
github.com/advisories/GHSA-6rvw-7p8v-mjfq
www.tenable.com/cve/CVE-2026-43881
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-43881