Skip to content
snailsploit[$]
CVE Disclosure · Cross-Language OSS

CVE-2026-43884

WWBN/AVideo · PHP

SSRF — HTTP redirect & DNS rebinding bypass

CVSS7.7
SeverityHigh
ClassSSRF
TrackCross-Language OSS

Summary

CVE-2026-43884 is a high-severity vulnerability (CVSS 7.7) affecting WWBN/AVideo. Written in PHP. The issue is classified as SSRF — HTTP redirect & DNS rebinding bypass, part of the Cross-Language OSS disclosure track on this site.

References

Authoritative sources and PoC material:

NVDMITREPoC repoVendor

Disclosure

Reporter
Kai Aizen (snailsploit)
Coordination
Vendor + MITRE/NVD
Status
Disclosed · CVE assigned · entry public on NVD
Track
Cross-Language OSS

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

disclosure contextall 74 cves →GHSA advisory →
all disclosures
CVE Ledger →
74 published CVEs across container, web, OSS, kernel
advisories
GHSA disclosures →
coordinated security advisories
engage
Pen Testing →
same methodology, your stack
Author
Kai Aizen
Independent Adversarial · Research group. 74 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.
aboutservicesresearchgate
Quick facts
ID
CVE-2026-43884
Product
WWBN/AVideo
Severity
7.7 · High
Class
SSRF — HTTP redirect & DNS rebinding bypass
References: NVD · MITRE · snailsploit CVE ledger
Frequently asked

CVE-2026-43884 — questions & answers

What is CVE-2026-43884?

CVE-2026-43884 is a disclosed vulnerability (SSRF — HTTP redirect & DNS rebinding bypass) in WWBN/AVideo, coordinated through the standard CVE process by independent security researcher Kai Aizen.

Am I affected by CVE-2026-43884?

You are affected if your environment runs an unpatched version of WWBN/AVideo. Check the upstream advisory or NVD record for the precise affected version range, then verify against your deployed version.

How do I fix CVE-2026-43884?

Upgrade WWBN/AVideo to the version that includes the upstream fix referenced in the NVD record. If an immediate upgrade is not possible, apply the mitigation guidance from the vendor advisory and restrict exposure of the affected surface area.

What is the impact of CVE-2026-43884?

CVSS 7.7 · High. The vulnerability class is SSRF — HTTP redirect & DNS rebinding bypass; consult the NVD and vendor advisory for vector details, exploitation prerequisites, and observed impact.

Where can I find authoritative references?

NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-43884, the MITRE CVE record at https://www.cve.org/CVERecord?id=CVE-2026-43884, and the vendor's security advisory page.