A vulnerability, which was classified as problematic , was found in WWBN AVideo up to 29.0 . The affected element is an unknown function of the file objects/sendEmail.json.php of the component Endpoint . Executing a manipulation of the argument sendTo can lead to improper verification of source of a communication channel. This vulnerability is handled as CVE-2026-43880 . The attack can be executed remotely. There is not any exploit available. Applying a patch is advised to resolve this issue.