Bigbluebutton Vulnerabilities
Comprehensive security vulnerability database for Bigbluebutton products
2
0
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-27467 | 2.4 | This vulnerability allows a malicious server operator to potentially access audio data from users who join a BigBlueButton session with their microphone muted, even though the audio isn't heard by other participants. This issue occurs only between the time a user joins the meeting and when they first unmute their microphone, and it has been fixed in the latest version. | bigbluebuttonbigbluebutton | Theoretical | about 2 months agoFeb 21, 2026 |
| CVE-2026-27466 | 8.2 | An attacker can exploit a vulnerability in BigBlueButton to overload the server or crash a critical process by sending large files, which can lead to a Denial of Service. This issue only affects users who followed specific instructions in the documentation and is fixed in the latest version. | bigbluebuttonbigbluebutton | Theoretical | about 2 months agoFeb 21, 2026 |
About Bigbluebutton Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Bigbluebutton products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.