[HIGH] WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

PKSA-k95w-1pmg-ryfd CVE-2026-39370 GHSA-cmcr-q4jf-p6q9

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub