Primary

Context

BigBlueButton Missing Authorization Vulnerability Allowing Caption Injection and Overwrite

Vulnerability

Patched

A vulnerability in BigBlueButton, an open-source virtual classroom platform, exists in versions prior to 3.0.24. The issue stems from a missing authorization that enables viewers to inject or overwrite captions. In version 3.0.24, permissions were tightened to restrict who can submit captions. Without this fix, viewers or non-audio users could alter caption content.

Impact

Exploitation of this vulnerability allows for unauthorized injection of captions or overwriting of existing captions by viewers or non-audio users.

Remediation

Users are advised to upgrade to BigBlueButton version 3.0.24 or later.

Added: Apr 22, 2026, 12:36 AM

Updated: Apr 22, 2026, 12:36 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

6.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

6.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BigBlueButton Missing Authorization Vulnerability Allowing Caption Injection and Overwrite

Vulnerability

Impact

Remediation

Affected Products

BigBlueButton

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating