{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T09:00:46.519","vulnerabilities":[{"cve":{"id":"CVE-2026-27736","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T17:25:40.283","lastModified":"2026-03-05T18:26:56.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No known workarounds are available."},{"lang":"es","value":"BigBlueButton es un aula virtual de código abierto. En versiones de la rama 3.x anteriores a la 3.0.20, la cadena recibida con errorRedirectUrl carece de validación, usarla directamente en la función respondWithRedirect conduce a una vulnerabilidad de redirección abierta. BigBlueButton 3.0.20 corrige el problema. No se conocen soluciones alternativas disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.20","matchCriteriaId":"FC6C16D8-2543-43E9-8F1B-632501E23028"}]}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/commit/691f92f3af0d6b796b91cb968977068663119812","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-65cv-rg9f-qqrx","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}