PT-2026-34201 · Avideo · Avideo

Published 2026-04-14 · Updated 2026-04-26 · CVE-2026-41055

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

AVideo versions 29.0 and earlier

Description

An incomplete Server-Side Request Forgery (SSRF) fix in the LiveLinks proxy introduces a DNS Time-of-Check to Time-of-Use (TOCTOU) flaw. Although the isSSRFSafeURL() function provides validation, DNS rebinding can occur between the validation step and the actual HTTP request, allowing traffic to be redirected to internal endpoints.

Recommendations

Apply the fix provided in commit 8d8fc0cadb425835b4861036d589abcea4d78ee8.
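
The gap between validation and request described above closes when the hostname is resolved once and the HTTP client is pinned to the address that passed the check. The PHP below is an added example, not AVideo's code and not the content of the referenced commit; `isPublicIp`, `pinValidatedHost` and `fetchPinned` are hypothetical names, and it assumes the curl extension and IPv4 answers only.

```php
<?php
// Added example, not AVideo code; function names here are hypothetical.

/** True only for addresses outside private and reserved ranges. */
function isPublicIp(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

/**
 * Resolve the host once, reject it if any answer is internal, and return a
 * CURLOPT_RESOLVE entry ("host:port:ip") that pins the request to the address
 * that was checked. $resolver is injectable so the logic can be run offline.
 */
function pinValidatedHost(string $url, ?callable $resolver = null): array
{
    $p = parse_url($url);
    $scheme = strtolower($p['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($p['host'])) {
        throw new InvalidArgumentException('only http(s) URLs with a host are allowed');
    }
    $host = $p['host'];
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    $resolver = $resolver ?? fn(string $h): array => gethostbynamel($h) ?: [];
    $ips = $resolver($host);            // the only DNS lookup for this request
    if ($ips === [] || array_filter($ips, fn($ip) => !isPublicIp($ip)) !== []) {
        throw new RuntimeException("refusing $host: unresolved or internal address");
    }
    return ["$host:$port:{$ips[0]}"];
}

/** Fetch via the pinned address; redirects stay off because each hop would need its own check. */
function fetchPinned(string $url, array $pin)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => $pin,   // curl uses this entry instead of resolving again
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    return curl_exec($ch);
}

// Constructed resolver and sample addresses: the answer changes on the second lookup.
$rebinding = function (string $h): array { static $n = 0; return [$n++ ? '127.0.0.1' : '93.184.216.34']; };
print_r(pinValidatedHost('http://stream.example.test/live.m3u8', $rebinding));
```

`fetchPinned($url, pinValidatedHost($url))` performs one lookup in total, so a changed DNS answer after validation has no effect on where the request goes. The two filter flags do not cover every special-purpose range (100.64.0.0/10, for instance), so extend `isPublicIp` to match the deployment.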

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-41055
GHSA-793Q-XGJ6-7FRP

Affected Products

Avideo