CVE-2026-41127
BigBlueButton's missing authorization allows viewer to inject/overwrite captions
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
bigbluebutton · bigbluebutton¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →