A vulnerability classified as critical has been found in BigBlueButton up to 3.0.20. Affected is an unknown function of the file CreateMeeting.java of the component Checksum Validation. This manipulation of the argument presentationUploadExternalUrl causes unrestricted upload.
The identification of this vulnerability is CVE-2026-46353. It is possible to initiate the attack remotely. There is no exploit available.