A vulnerability was found in WWBN AVideo up to 29.0 . It has been rated as critical . This affects the function User::getAllUsers of the file objects/users.json.php . This manipulation of the argument ignoreAdmin causes missing authentication. This vulnerability is tracked as CVE-2026-43881 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.