[HIGH] AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

PKSA-nfgn-q1hy-xddr CVE-2026-33649 GHSA-g8x9-7mgh-7cvj

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub