snailsploit[$]
CVE Disclosure · Cross-Language OSS

CVE-2026-43884

WWBN/AVideo · PHP

SSRF — HTTP redirect & DNS rebinding bypass

CVSS7.7
SeverityHigh
ClassSSRF
TrackCross-Language OSS

Summary

CVE-2026-43884 is a high-severity vulnerability (CVSS 7.7) affecting WWBN/AVideo. Written in PHP. The issue is classified as SSRF — HTTP redirect & DNS rebinding bypass, part of the Cross-Language OSS disclosure track on this site.

References

Authoritative sources and PoC material:

NVDMITREPoC repoVendor

Disclosure

Reporter
Kai Aizen (snailsploit)
Coordination
Vendor + MITRE/NVD
Status
Disclosed · CVE assigned · entry public on NVD
Track
Cross-Language OSS

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

disclosure contextall 23 cves →
all disclosures
CVE Ledger →
23 published CVEs across container, web, OSS, kernel
advisories
GHSA disclosures →
coordinated security advisories
engage
Pen Testing →
same methodology, your stack
Author
Kai Aizen
Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.
aboutservicesgithubxlinkedinresearchgate