[HIGH] AVideo has an unauthenticated decrypt oracle leaking any ciphertext

PKSA-stv4-sw5c-pp7h CVE-2026-33512 GHSA-mwjc-5j4x-r686

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub