CVE-2026-41126

· NIST NVD ↗

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are available.

MEDIUM
CVSS severity
4.3
CVSS base score
2026-04-22
Published

CWE codes

CWE-601

Sources