CVE-2026-29093
📋 TL;DR
This vulnerability exposes memcached session storage without authentication in WWBN AVideo's Docker configuration, allowing attackers to hijack sessions, impersonate administrators, or destroy all user sessions. It affects all deployments using the default Docker configuration before version 24.0. Attackers only need network access to port 11211 to exploit this.
💻 Affected Systems
- WWBN AVideo
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all user accounts including administrators, allowing full control over the video platform, data theft, and service disruption.
Likely Case
Session hijacking leading to unauthorized access to user accounts, potential privilege escalation to admin, and mass logout of users.
If Mitigated
Limited to internal network attacks if proper network segmentation is in place, with no impact if memcached is properly secured.
🎯 Exploit Status
Exploitation requires only network access to port 11211 and basic memcached knowledge. No authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.0
Vendor Advisory: https://github.com/WWBN/AVideo/security/advisories/GHSA-xxpw-32hf-q8v9
Restart Required: Yes
Instructions:
1. Update to AVideo version 24.0 or later.
2. Pull the latest Docker images.
3. Recreate containers using the updated docker-compose.yml.
4. Restart all services.
🔧 Temporary Workarounds
Restrict memcached network access
Modify docker-compose.yml to bind memcached only to localhost instead of all interfaces
Change '0.0.0.0:11211:11211' to '127.0.0.1:11211:11211' in memcached service ports section
Enable memcached SASL authentication
Configure memcached with authentication to prevent unauthorized access
Add the '-S' flag to the memcached command in docker-compose.yml and configure PHP to use an authenticated connection
🧯 If You Can't Patch
- Implement strict network ACLs to block all external access to port 11211
- Deploy a network-based firewall or container network policy to restrict memcached access to only the PHP container
🔍 How to Verify
Check if Vulnerable:
Check whether memcached port 11211 is bound to 0.0.0.0 using 'docker ps' or 'netstat -tlnp | grep 11211', and confirm that the AVideo version is below 24.0
Check Version:
docker exec avideo_web_container php version.php 2>/dev/null || grep 'version' /var/www/html/configuration.php
Verify Fix Applied:
Confirm that memcached is bound to 127.0.0.1:11211 or not exposed at all, and that the AVideo version is 24.0 or later using the version check command above
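To make the "Check if Vulnerable" and "Verify Fix Applied" steps repeatable, the following POSIX shell functions are an added example (not from the advisory or the AVideo project): one inspects docker-compose port mappings, the other the port column of `docker ps`. The container and service names in the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not AVideo project code: flag a memcached container whose
# port 11211 is published on all interfaces. Both checks take text as their
# argument; pass a real file with "$(cat docker-compose.yml)".

# Returns 0 when no port mapping publishes host port 11211 on a non-loopback
# address, 1 when one does ("0.0.0.0:11211:11211", or the bare "11211:11211",
# which Docker also binds to every interface). Quotes are stripped first.
check_compose_memcached_binding() {
    mappings=$(printf '%s\n' "$1" | sed -e "s/[\"']//g" \
        | grep -E '^[[:space:]]*-[[:space:]]*([0-9A-Za-z.]+:)?11211:11211([[:space:]]|$)' || true)
    [ -z "$mappings" ] && return 0          # memcached not published at all
    if printf '%s\n' "$mappings" | grep -vqE '(127\.0\.0\.1|localhost):11211:11211'; then
        return 1                            # at least one non-loopback mapping
    fi
    return 0
}

# Takes the output of `docker ps --format '{{.Names}} {{.Ports}}'` and returns
# 1 if any container publishes 11211 on the IPv4 (0.0.0.0) or IPv6 (:::) wildcard.
check_docker_ps_ports() {
    if printf '%s\n' "$1" | grep -qE '(0\.0\.0\.0:|:::)11211->'; then
        return 1
    fi
    return 0
}

# Constructed sample inputs for the demonstration (not from a real deployment).
EXPOSED_COMPOSE='services:
  memcached:
    image: memcached
    ports:
      - "0.0.0.0:11211:11211"'
SAFE_COMPOSE='services:
  memcached:
    image: memcached
    ports:
      - "127.0.0.1:11211:11211"'
SAMPLE_PS='avideo_memcached 0.0.0.0:11211->11211/tcp, :::11211->11211/tcp'

for text in "$EXPOSED_COMPOSE" "$SAFE_COMPOSE"; do
    if check_compose_memcached_binding "$text"; then
        echo "compose: memcached not exposed"
    else
        echo "compose: 11211 published on all interfaces; bind to 127.0.0.1 or drop the mapping"
    fi
done
check_docker_ps_ports "$SAMPLE_PS" || echo "docker ps: running container exposes 11211"
```

On a live host, run `check_docker_ps_ports "$(docker ps --format '{{.Names}} {{.Ports}}')"` to test the running containers rather than the compose file.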
📡 Detection & Monitoring
Log Indicators:
- Unusual memcached connections from unexpected IPs
- Multiple session invalidations or user logout events
Network Indicators:
- External connections to port 11211
- Memcached protocol traffic from unauthorized sources
SIEM Query:
destination_port=11211 AND NOT (source_ip IN [authorized_ips])