What is the CVSS score of CVE-2024-26480?

CVE-2024-26480 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Statping Ng are affected by CVE-2024-26480?

A HIGH severity vulnerability in Statping-ng v.0.91.0 allows attackers to extract sensitive information through crafted requests, with public exploits already available.

Is there a public PoC exploit available for CVE-2024-26480?

Yes, a public proof-of-concept exploit is available for CVE-2024-26480. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2024-26480?

Within 24 hours: Audit all Statping-ng instances in your environment and isolate any running v.0.91.0 from untrusted networks; implement network access controls limiting admin interface exposure. Within 7 days: Contact the Statping-ng project for patch availability and timeline; if upgrading is possible, test and deploy patches to non-production environments first. Within 30 days: Complete migration to patched version across all production systems; conduct forensic review of access logs to detect prior exploitation attempts.

Statping Ng CVE-2024-26480

HIGH

Information Exposure (CWE-200)

2026-02-11 cve@mitre.org

Information Disclosure Statping Ng

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 28, 2026 - 04:16 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 20:16 nvd

HIGH 7.5

DescriptionCVE.org

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.

AnalysisAI

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. [CVSS 7.5 HIGH]

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects the a crafted request to the admin component of Statping-Ng. An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2024-26480 vulnerability details – vuln.today

Back

Statping Ng CVE-2024-26480

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code