CVE-2026-29093
Unauthenticated Memcached Access in WWBN AVideo Enables Session Hijacking
Publication date: 2026-03-06
Last updated on: 2026-03-16
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wwbn | avideo | to 24.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29093 is a high-severity vulnerability in the WWBN AVideo platform versions prior to 24.0. The issue arises because the memcached service is published on the host network at port 11211 without any authentication or interface binding restrictions. PHP is configured to store all user sessions in this memcached instance.
Because memcached is exposed and lacks authentication, an attacker who can reach port 11211 can connect to memcached and read, modify, or flush session data. This allows attackers to hijack user sessions, impersonate administrators by modifying session data, destroy all active sessions causing denial of service, and gather memcached server statistics.
How can this vulnerability impact me? :
This vulnerability can have several serious impacts:
- Session hijacking: Attackers can steal session data to impersonate users, including administrators.
- Privilege escalation: Attackers can modify session data to gain unauthorized administrative access.
- Mass session destruction: Attackers can flush all sessions, forcing all users to log out and causing a denial-of-service on session availability.
- Reconnaissance: Attackers can gather memcached server statistics that may aid further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the memcached service is exposed on the host network at port 11211 (0.0.0.0:11211) without authentication.
You can scan your network or system for open port 11211 using standard network scanning tools.
- Use a port scanning command such as: `nmap -p 11211 <target-ip>` to check if port 11211 is open.
- Connect to the memcached service using netcat or telnet: `nc <target-ip> 11211` or `telnet <target-ip> 11211`.
- Run memcached commands to enumerate session keys and check for exposure: `stats items`, `stats cachedump <slab_id> <limit>`, and `get <session_key>`.
What immediate steps should I take to mitigate this vulnerability?
The immediate and preferred mitigation step is to remove the port mapping for memcached from the docker-compose.yml file to prevent memcached from being exposed on the host network.
Alternatively, if host access to memcached is necessary, bind memcached to localhost (127.0.0.1) only, instead of 0.0.0.0.
For defense-in-depth, enable SASL authentication on the memcached service and update the PHP session configuration accordingly.
Updating to version 24.0 or later of the AVideo platform, where this issue is patched, is also recommended.