CVE Catalog

CVE-2026-57323

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

The Flash & HTML5 Video plugin version 2.11.0 and earlier contains an unauthenticated broken access control vulnerability. An attacker can gain unauthorized access to functions or data without required authentication.

Risk Assessment

The risk involves potential unauthorized access to sensitive data or plugin functions, which may lead to confidentiality and integrity breaches.

Recommendation

It is recommended to immediately update the Flash & HTML5 Video plugin to the latest available version that fixes this vulnerability. Also review access control configuration in the system.

Original NVD description (English source)

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS