← volver
CVE-2026-27736

BigBlueButton has Open Redirect vulnerability in ApiController

CVSS 6.1 MEDIUMEPSS 0.1%CWE-601
BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
bigbluebutton · bigbluebutton

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/bigbluebutton/bigbluebutton/commit/691f92f3af0d6b796b91cb968977068663119812https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrx