CVE-2026-41126
Published
CVSS v3
4.3
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are available.
A complete web conferencing system for virtual classes and more!
GitHub