2.4

CVE-2026-27467

EPSS 0.03%
Veröffentlicht 21.02.2026 07:18:26
Zuletzt bearbeitet 26.02.2026 18:54:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allow for malicious server operators to access audio data. The behavior is only incorrect between joining the meeting and the first time the user unmutes. This issue has been fixed in version 3.0.20.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

BigBlueButton ≫ BigBlueButton Version < 3.0.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.4	0.9	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com	2	0.5	1.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-6gj9-5rhm-68j8

Patch

Vendor Advisory

https://github.com/bigbluebutton/bigbluebutton/commit/3aa47832bc2b17178799bd932453c226e8f95703

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-27467

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27467

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27467

EUVD