CVE-2026-46404

CVE-2026-46404CVE-2026-46404

Description

BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23.

Scoring

CVSS 6.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Last modified2026-07-16
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.