6.1
CVE-2026-27736
- EPSS 0.15%
- Veröffentlicht 25.02.2026 16:27:01
- Zuletzt bearbeitet 05.03.2026 18:26:56
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
BigBlueButton has Open Redirect vulnerability in ApiController
Open Redirect vulnerability in ApiController
BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No known workarounds are available.
Mögliche Gegenmaßnahme
Server: There are no workarounds. We recommend upgrading to a patched version of BigBlueButton.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BigBlueButton ≫ BigBlueButton Version < 3.0.20
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemBigBlueButton
≫
Produkt
Server
Version
>= 0.0.0, < 2.7.x
Version
>= 3.0.0, < 3.0.20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.042 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrx
https://github.com/bigbluebutton/bigbluebutton/commit/691f92f3af0d6b796b91cb968977068663119812
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrx