CVE-2026-41126
MEDIUM 4.3
Description
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an open redirect through bigbluebutton/api/join via the GET parameter "logoutURL". Version 3.0.24 has adjusted the handling of requests with an incorrect checksum so that the default logoutURL is used. No known workarounds are available.
CVE Details
CVSS v3.1 score: 4.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 4/22/2026
Last modified: 4/22/2026
Source: nvd
Honeypot observations: 0
Weaknesses (CWE)
CWE-601
References
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-cvwj-4pcp-f3g8 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.