
CVE-2026-33690: IP Address Spoofing via Unsafe Header Processing in WWBN AVideo

Vulnerability ID: CVE-2026-33690
CVSS Score: 5.3
Published: 2026-03-25

WWBN AVideo versions up to and including 26.0 are vulnerable to IP address spoofing due to improper validation of HTTP headers. The application prioritizes user-controlled headers such as X-Forwarded-For over the actual TCP connection address, allowing attackers to bypass IP-based security controls.

TL;DR

AVideo <= 26.0 blindly trusts HTTP headers for client IP resolution, enabling IP spoofing and security control bypass.

Technical Details

CWE ID: CWE-348
Attack Vector: Network
CVSS v3.1: 5.3
EPSS Score: 0.00014
Impact: Access Control Bypass
Exploit Status: Unexploited
KEV Status: Not Listed

Affected Systems

WWBN AVideo
AVideo: <= 26.0 (Fixed in: 26.1)

Code Analysis

Commit: 1a1df6a
Refactor IP retrieval logic to implement a conditional trust model based on private IP ranges

Mitigation Strategies

Update WWBN AVideo to a version r
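
The header-first resolution described above, next to a conditional trust model keyed on private peer addresses, as an added example (not AVideo's code, and not the contents of commit 1a1df6a). The function names are hypothetical, and the example assumes the site's reverse proxy connects from a private range and appends the address it saw to X-Forwarded-For.

```php
<?php
// Added example, not AVideo's code; function names are hypothetical.
// Header-first resolution: a client-supplied value beats the TCP peer address.
function clientIpUnsafe(array $server): string
{
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    return $xff !== '' ? trim(explode(',', $xff)[0]) : ($server['REMOTE_ADDR'] ?? '');
}

// True for a valid address in a private or reserved (e.g. loopback) range.
function isPrivateIp(string $ip): bool
{
    $public = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP) !== false
        && filter_var($ip, FILTER_VALIDATE_IP, $public) === false;
}

// Conditional trust: X-Forwarded-For counts only when the direct peer is on a
// private range (assumption: that peer is the site's own reverse proxy).
function clientIpConditional(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !isPrivateIp($peer)) {
        return $peer;
    }
    // Read right to left: the proxy appends the address it saw, so entries
    // further left are client-supplied and cannot be vouched for.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!isPrivateIp($hop)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests using documentation address ranges.
$direct  = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.7'];
foreach (['direct' => $direct, 'proxied' => $proxied] as $name => $req) {
    printf("%-8s unsafe=%s conditional=%s\n", $name, clientIpUnsafe($req), clientIpConditional($req));
}
```

Any IP-based control (allow lists, rate limits, audit logs) should consume the conditionally resolved address; when the application is reachable without a proxy, the peer address is the only value the server observed itself.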




