CVE-2026-29093
Published: 06 March 2026
Summary
CVE-2026-29093 is a high-severity Improper Authentication (CWE-287) vulnerability in Wwbn Avideo. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-41 (Port and I/O Device Access).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly restricts exposure of unnecessary ports like 11211 for unauthenticated memcached services on host interfaces.
Mandates secure configuration settings in docker-compose.yml to avoid binding memcached to 0.0.0.0:11211.
Monitors and controls communications at external interfaces to block unauthorized access to the exposed memcached port.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Exposed unauthenticated memcached enables exploitation of public-facing application (T1190) and stealing web session data/IDs for hijacking and admin impersonation (T1539).
NVD Description
WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached…
more
instance. An attacker who can reach port 11211 can read, modify, or flush session data — enabling session hijacking, admin impersonation, and mass session destruction without any application-level authentication. This issue has been patched in version 24.0.
Deeper analysisAI
CVE-2026-29093 affects WWBN AVideo, an open source video platform, in versions prior to 24.0. The vulnerability stems from the official docker-compose.yml file exposing the memcached service on the host port 11211 (bound to 0.0.0.0:11211) without any authentication. Meanwhile, the Dockerfile configures PHP to store all user sessions in this memcached instance, allowing unauthorized access to sensitive session data.
Remote attackers who can reach the exposed memcached port 11211 can read, modify, or flush session data without requiring application-level authentication. This enables session hijacking, impersonation of administrators, and mass destruction of user sessions, potentially disrupting the platform and granting unauthorized control.
The issue has been addressed in AVideo version 24.0. Security practitioners should upgrade to this patched version, as detailed in the GitHub release notes at https://github.com/WWBN/AVideo/releases/tag/24.0 and the security advisory at https://github.com/WWBN/AVideo/security/advisories/GHSA-xxpw-32hf-q8v9. Additionally, review Docker deployments to ensure memcached is not unnecessarily exposed on public interfaces.
Details
- CWE(s)