[HIGH] AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server

PKSA-5tbj-dcxw-w2wv CVE-2026-43873 GHSA-qm9p-p5pw-jrx2

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub