CVE-2026-29093
Received Received - Intake
Unauthenticated Memcached Access in WWBN AVideo Enables Session Hijacking

Publication date: 2026-03-06

Last updated on: 2026-03-16

Assigner: GitHub, Inc.

Description
WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data β€” enabling session hijacking, admin impersonation, and mass session destruction without any application-level authentication. This issue has been patched in version 24.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-29093
EUVD
EUVD-2026-9973
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wwbn avideo to 24.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-29093 is a high-severity vulnerability in the WWBN AVideo platform versions prior to 24.0. The issue arises because the memcached service is published on the host network at port 11211 without any authentication or interface binding restrictions. PHP is configured to store all user sessions in this memcached instance.

Because memcached is exposed and lacks authentication, an attacker who can reach port 11211 can connect to memcached and read, modify, or flush session data. This allows attackers to hijack user sessions, impersonate administrators by modifying session data, destroy all active sessions causing denial of service, and gather memcached server statistics.

Impact Analysis

This vulnerability can have several serious impacts:

  • Session hijacking: Attackers can steal session data to impersonate users, including administrators.
  • Privilege escalation: Attackers can modify session data to gain unauthorized administrative access.
  • Mass session destruction: Attackers can flush all sessions, forcing all users to log out and causing a denial-of-service on session availability.
  • Reconnaissance: Attackers can gather memcached server statistics that may aid further attacks.
Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the memcached service is exposed on the host network at port 11211 (0.0.0.0:11211) without authentication.

You can scan your network or system for open port 11211 using standard network scanning tools.

  • Use a port scanning command such as: `nmap -p 11211 <target-ip>` to check if port 11211 is open.
  • Connect to the memcached service using netcat or telnet: `nc <target-ip> 11211` or `telnet <target-ip> 11211`.
  • Run memcached commands to enumerate session keys and check for exposure: `stats items`, `stats cachedump <slab_id> <limit>`, and `get <session_key>`.
Mitigation Strategies

The immediate and preferred mitigation step is to remove the port mapping for memcached from the docker-compose.yml file to prevent memcached from being exposed on the host network.

Alternatively, if host access to memcached is necessary, bind memcached to localhost (127.0.0.1) only, instead of 0.0.0.0.

For defense-in-depth, enable SASL authentication on the memcached service and update the PHP session configuration accordingly.

Updating to version 24.0 or later of the AVideo platform, where this issue is patched, is also recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart