[CRITICAL] AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

PKSA-7gff-yt7v-8bkx CVE-2026-33716 GHSA-9hv9-gvwm-95f2

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub