CVE-2026-27466

HIGH
2026-02-21
7.2
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: Low

Lifecycle Timeline

4
Analysis Generated: Mar 12, 2026 - 22:04 (vuln.today)
PoC Detected: Feb 26, 2026 - 18:59 (vuln.today), public exploit code
Patch Released: Feb 26, 2026 - 18:59 (nvd), patch available
CVE Published: Feb 21, 2026 - 08:16 (nvd)

Description

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official "Server Customization" documentation, in its section on support for ClamAV as a presentation file scanner, contains instructions that leave a BBB server vulnerable to denial of service. The flawed command exposes both clamd ports (3310 and 7357) to the internet. A remote attacker can use this to send complex or large documents to clamd and waste server resources, or to shut down the clamd process. The clamd documentation explicitly warns about exposing this port. Enabling ufw (the Ubuntu firewall) during install does not help, because Docker routes container traffic through the nat table, which is not managed or restricted by ufw. Rules installed by ufw in the filter table have no effect on Docker traffic. In addition, the provided example mounts /var/bigbluebutton into the container with write permissions, which should not be required. Future vulnerabilities in clamd may allow attackers to manipulate files in that folder. Users are unaffected unless they have opted in to follow the extra instructions from BigBlueButton's documentation. This issue has been fixed in version 3.0.22.
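
A defender-side check for the two conditions described above, added here as an example (it is not code from the advisory or from BigBlueButton): it reads `docker inspect` JSON and reports clamd ports 3310 and 7357 published on a non-loopback host address, plus read-write mounts of /var/bigbluebutton. The container names and the sample JSON are constructed, and treating a loopback-only binding as not exposed is an assumption of this check.

```python
import json

CLAMD_PORTS = {"3310", "7357"}         # ports named in the advisory
SENSITIVE_PATH = "/var/bigbluebutton"  # mount named in the advisory
LOOPBACK = {"127.0.0.1", "::1"}        # assumption: loopback-only is not exposed

def audit(inspect_json: str) -> list[str]:
    """Return one finding per risky port binding or mount in `docker inspect` output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        bindings = (c.get("HostConfig") or {}).get("PortBindings") or {}
        for container_port, hosts in bindings.items():
            port = container_port.split("/")[0]
            if port not in CLAMD_PORTS:
                continue
            for h in hosts or []:
                # An empty HostIp means Docker publishes on all interfaces.
                host_ip = h.get("HostIp") or "0.0.0.0"
                if host_ip not in LOOPBACK:
                    findings.append(
                        f"{name}: clamd port {port} published on {host_ip}:{h.get('HostPort')}")
        for m in c.get("Mounts") or []:
            src = m.get("Source", "")
            inside = src == SENSITIVE_PATH or src.startswith(SENSITIVE_PATH + "/")
            if inside and m.get("RW"):
                findings.append(f"{name}: {src} mounted read-write")
    return findings

# Constructed sample: one container published on all interfaces with a writable
# mount, one bound to loopback with a read-only mount.
SAMPLE = json.dumps([
    {"Name": "/clamav-exposed",
     "HostConfig": {"PortBindings": {
         "3310/tcp": [{"HostIp": "", "HostPort": "3310"}],
         "7357/tcp": [{"HostIp": "0.0.0.0", "HostPort": "7357"}]}},
     "Mounts": [{"Type": "bind", "Source": "/var/bigbluebutton", "RW": True}]},
    {"Name": "/clamav-local",
     "HostConfig": {"PortBindings": {
         "3310/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3310"}]}},
     "Mounts": [{"Type": "bind", "Source": "/var/bigbluebutton", "RW": False}]},
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.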

Analysis

BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. …


Remediation

Within 24 hours: Identify all BigBlueButton instances and confirm versions currently deployed. Within 7 days: Apply available vendor patch to all affected BigBlueButton servers (version 3.0.22 or later). …


Priority Score

56
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +36
POC: +20
