External risk intelligence

Paid Videochat Turnkey Site Arbitrary File Deletion

CVE advisorySeverity: CRITICAL (CVSS 9.9)

CVE-2026-57331

The vulnerability affects a paid videochat turnkey site plugin, which is a web-based application designed to be internet-facing to facilitate user interactions and video streaming services.

Path Traversal

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical security vulnerability in a specific video chat software that allows an unauthorized user with basic access to delete arbitrary files on the affected system. This could lead to significant disruption or data loss, depending on which files are targeted. The main concern is confirming relevance and exposure to our environment.

  • Unauthenticated users can delete system files.
  • Business disruption and data loss risk.
  • Assess impact and confirm system relevance.

Attack Path

How an attacker could exploit the issue

An attacker with some level of access to the paid videochat site could delete files on the server, potentially impacting the site's operation or allowing further compromise. This is possible because the site's software, up to version 7.4.8, has a flaw that allows for arbitrary file deletion.

  • Requires some user access.
  • Triggers arbitrary file deletion.
  • Leads to site disruption and further risk.

Live Threat

Current exploitation, exposure, and threat context

A critical arbitrary file deletion vulnerability in Paid Videochat Turnkey Site could allow a low-privilege attacker to remove any file on the server when the plugin is installed and active. This could impact the availability of the entire website or even the underlying server by deleting critical system files.

  • Server files.
  • Unauthenticated access to delete files.
  • Service disruption or denial of service.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in the Paid Videochat Turnkey Site software likely requires action from teams managing the application and its underlying infrastructure. The first practical step is to identify all instances of this software, confirm their exposure and business criticality, and then locate the accountable owners to plan remediation.

  • Application owners and infrastructure teams.
  • Verify affected systems and their exposure.
  • Plan and execute remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Paid Videochat Turnkey Site software?

This software is a plugin designed to provide video streaming and interactive chat functionality for websites. It serves as a backend platform that enables businesses to host live video services, allowing users to connect and interact within a web-based environment.

What does CVE-2026-57331 mean for my server security?

This vulnerability is classified as Improper Limitation of a Pathname to a Restricted Directory (CWE-22). In plain terms, the software fails to properly sanitize user inputs, allowing an attacker to navigate outside the intended folders and delete critical system files that keep your server and application running.

How can an attacker trigger this file deletion bug?

An attacker needs a low-privilege account on the videochat site to execute this action. Simply visiting the public, unauthenticated portion of the website does not trigger the deletion; the attacker must be able to interact with the plugin's authenticated functionality to provide the malicious path input.

Is my system at risk if it runs this plugin?

Halo Surface Signal flags this as a highly relevant issue because the plugin is a web-based application inherently designed to be internet-facing. Because it must be accessible to users for video streaming, it is directly exposed to external network traffic where an attacker could attempt to exploit the flaw.

What are the first steps to address this vulnerability?

Start by auditing your environment to locate all instances where this videochat plugin is installed and active. Once identified, confirm the business criticality of those specific systems, notify the responsible application owners, and coordinate a plan to update or disable the software until a patch is applied.

References