PT-2026-21365 · Unknown · Bigbluebutton

Jörg Schwenk +3 · Published 2026-02-21 · Updated 2026-02-21 · CVE-2026-27467

CVSS v3.1: 2.4 (Low)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BigBlueButton versions 3.0.19 and below

Description

BigBlueButton is a virtual classroom platform. When a user joins a session with the microphone initially muted, the client may send audio data to the server despite the mute state. While the server discards this audio, preventing it from being audible to other participants, a malicious server operator could potentially access this data. This behavior occurs only between joining the meeting and the first time the user unmutes.

Recommendations

Update to version 3.0.20 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-27467
GHSA-6GJ9-5RHM-68J8

Affected Products

Bigbluebutton