PT-2026-41738 · Unknown · BigBlueButton

Published: 2026-05-18 · Updated: 2026-05-19 · CVE-2026-27737

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

BigBlueButton versions prior to 3.0.19

Description

Recording playback in presentation format fails to sanitize user input from the public chat. This allows a malicious actor to carry out a targeted Cross-Site Scripting (XSS) attack, a technique in which malicious scripts are injected into trusted websites. The attack is triggered for any user replaying the recording.

Recommendations

Update to version 3.0.19.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-27737

Affected Products

BigBlueButton