A vulnerability has been found in WWBN AVideo up to 29.0 and classified as problematic . The impacted element is the function Scheduler::downloadICS of the file plugin/Scheduler/downloadICS.php . The manipulation of the argument joinURL leads to crlf injection. This vulnerability is uniquely identified as CVE-2026-43882 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.