Critical AVideo flaw lets attackers run commands remotely and potentially hijack streams

A critical vulnerability in the open-source AVideo platform could let unauthenticated attackers execute arbitrary operating system commands on a server through a crafted request. The issue is tracked as CVE-2026-29058, carries a CVSS 3.1 score of 9.8, affects AVideo versions before 7.0, and is patched in version 7.0. The bug sits in objects/getImage.php and involves […] The post Critical AVideo flaw lets attackers run commands remotely and potentially hijack streams appeared first on VPN Central.