BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in CreateMeeting.java and ValidationService.java, allowing a user to send valid requests to some endpoints without a checksum. This issue is fixed in version 3.0.21.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bigbluebutton
Bigbluebutton bigbluebutton |
|
| Vendors & Products |
Bigbluebutton
Bigbluebutton bigbluebutton |
Thu, 16 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in CreateMeeting.java and ValidationService.java, allowing a user to send valid requests to some endpoints without a checksum. This issue is fixed in version 3.0.21. | |
| Title | BigBlueButton API checksum bypass via presentationUploadExternalUrl | |
| Weaknesses | CWE-284 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T18:41:31.957Z
Reserved: 2026-05-13T18:37:30.991Z
Link: CVE-2026-46353
Updated: 2026-07-16T18:41:26.755Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T19:30:05Z