CVE-2026-33650: CVE-2026-33650: Privilege Escalation via Incorrect Authorization in WWBN AVideo

CVE-2026-33650: Privilege Escalation via Incorrect Authorization in WWBN AVideo Vulnerability ID: CVE-2026-33650 CVSS Score: 7.6 Published: 2026-03-25 WWBN AVideo versions up to and including 26.0 contain an incorrect authorization vulnerability (CWE-863). Users with the 'Videos Moderator' permission can exploit inconsistent authorization boundaries to transfer video ownership and delete arbitrary videos, resulting in privilege escalation. TL;DR A privilege escalation flaw in WWBN AVideo <= 26.0 allows 'Videos Moderator' users to bypass authorization checks, transfer arbitrary video ownership to themselves, and subsequently delete videos they do not own. ⚠️ Exploit Status: POC Technical Details CWE ID : CWE-863 Attack Vector : Network CVSS Score : 7.6 EPSS Score : 0.00028 Impact : High Integrity, Low Availability Exploit Status : Proof of Concept KEV Status : Not Listed Affected Systems WWBN AVideo <= 26.0 AVideo : <= 26.0 (Fixed in: Commit 838e16818c793779406ecbf34ebaeba9830e33f8 ) Co