[MEDIUM] AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

PKSA-zrqg-465j-tm13 CVE-2026-34364 GHSA-73gr-r64q-7jh4

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub