Fixed Intel

CVE-2026-29058

Critical
CVSS 9.8

Description

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0.

CVSS Score

9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-78OS Command InjectionMITRE

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

References (1)

https://github.com/WWBN/AVideo-Encoder/security/advisories/GHSA-9j26-99jh-v26qsecurity-advisories@github.com

Risk Assessment

ELEVATED
Critical CVSS

Details

Severity
Critical
CVSS
9.8
CWE
CWE-78
CISA KEV
No
Articles
1

Timeline

Published

Mar 6, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE