A vulnerability identified as critical has been detected in AVideo up to 25.0 . This issue affects some unknown processing of the file decryptMessage.json.php . The manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-56346 . The attack may be initiated remotely. There is no available exploit.