BigBlueButton

2 CVEs product

Monthly

CVE-2026-27736 MEDIUM PATCH This Month

BigBlueButton versions up to 3.0.20 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.1).

Open Redirect Bigbluebutton
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.0%
CVE-2026-27466 HIGH POC PATCH This Week

BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.

Ubuntu Docker Denial Of Service Bigbluebutton
NVD GitHub
CVSS 3.1: 7.2
EPSS: 0.1%
