A vulnerability labeled as critical has been found in WWBN AVideo up to 29.0 . This vulnerability affects the function msgToResourceId of the file plugin/YPTSocket/getWebSocket.json.php of the component Outbound Message Handler . The manipulation of the argument json results in code injection. This vulnerability is cataloged as CVE-2026-43874 . The attack may be launched remotely. There is no exploit available. Applying a patch is advised to resolve this issue.