A vulnerability described as problematic has been identified in BigBlueButton up to 3.0.20. This impacts an unknown function of the file bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java of the component Util. The manipulation results in insufficiently random values.

This vulnerability was named CVE-2026-46351. The attack may be performed from remote. There is no available exploit.