CVE-2016-20035 MEDIUM

CVE-2016-20035: Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Vendor Wowza Media Systems, Llc.
Product Wowza Streaming Engine
Weakness CWE-352 · CSRF
Published March 15, 2026
Last update March 16, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.

Key dates

02Disclosure timeline

March 15, 2026 CVE published
March 16, 2026 Record updated