CVE-2026-46404
EUVD-2026-4499716.07.2026, 19:16
BigBlueButton is an open-source virtual classroom. Prior to 3.0.23, the presentation URL validation did not properly restrict access to site local and link local addresses. The redirect following logic now pins resolved IPs. This issue is fixed in version 3.0.23.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| bigbluebutton | bigbluebutton | 𝑥 < 3.0.23 | CNA |