PT-2026-21960 · Unknown · Bigbluebutton

Denizparlak · Published 2026-02-25 · Updated 2026-03-05 · CVE-2026-27736

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 3.0.20

Description
BigBlueButton is a virtual classroom platform. Versions of the 3.x branch before 3.0.20 contain an Open Redirect issue. The errorRedirectUrl string is not properly validated and is used directly in the respondWithRedirect function. This allows redirection to a malicious URL.

Recommendations
Update to version 3.0.20 or later.
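For teams reviewing their own redirect handlers for the weakness named in the Description, the following added example (not BigBlueButton's code or its 3.0.20 fix) shows an exact-origin allowlist check applied to a caller-supplied redirect target before it is used. The names safeErrorRedirect, ALLOWED_ORIGINS and FALLBACK_URL and the hosts school.example and evil.example are assumptions made for illustration.

```javascript
// Added example: ALLOWED_ORIGINS, FALLBACK_URL and safeErrorRedirect are
// hypothetical names; school.example / evil.example are constructed hosts.
const ALLOWED_ORIGINS = new Set(["https://school.example"]);
const FALLBACK_URL = "https://school.example/error";

function safeErrorRedirect(candidate, allowed = ALLOWED_ORIGINS, fallback = FALLBACK_URL) {
  if (typeof candidate !== "string" || candidate.length === 0 || candidate.length > 2048) {
    return fallback;
  }
  let url;
  try {
    // No base URL is passed, so relative and scheme-relative ("//host")
    // inputs fail to parse instead of inheriting a trusted origin.
    url = new URL(candidate);
  } catch {
    return fallback;
  }
  // Only web schemes; rejects javascript:, data:, file: and similar.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // "https://school.example@evil.example/" puts the trusted name in userinfo.
  if (url.username !== "" || url.password !== "") return fallback;
  // Exact origin match (scheme + host + port); prefix or substring checks
  // would accept "https://school.example.evil.example/".
  if (!allowed.has(url.origin)) return fallback;
  // Emit the parsed serialization so the value that was validated is the
  // value placed in the Location header.
  return url.href;
}

// Constructed inputs: one legitimate target and off-origin shapes that a
// validator must reject.
const SAMPLES = [
  "https://school.example/join-failed?code=401",
  "https://school.example.evil.example/",
  "https://school.example@evil.example/",
  "//evil.example/x",
  "https:\\\\evil.example/",
  "javascript:alert(1)",
  "https://school.example:8443/",
];

function checkSamples(samples = SAMPLES) {
  return samples.map((s) => ({ input: s, target: safeErrorRedirect(s) }));
}

console.table(checkSamples());
```

Every rejected input resolves to the fixed fallback, so a failed check never reflects attacker-controlled text into the response.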

Open Redirect

Weakness Enumeration

Related identifiers

CVE-2026-27736
GHSA-65CV-RG9F-QQRX

Affected products

Bigbluebutton