CVE-2026-24469
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's filesystem by crafting a malicious HTTP GET request containing ../ sequences. The application fails to sanitize the filename variable derived from the user-controlled URL path, directly concatenating it to the files_directory base path and enabling traversal outside the intended root. No patch was available at the time of publication.
Analysis
C++ HTTP Server versions 1.0 and below suffer from a path traversal vulnerability in the RequestHandler::handleRequest method that permits unauthenticated remote attackers to read arbitrary files from the server filesystem through malicious HTTP GET requests containing directory traversal sequences. The vulnerability stems from insufficient input validation on the URL path, which is directly concatenated to the base directory without sanitization. …
Remediation
Within 24 hours: Identify all systems running C++ HTTP Server versions 1.0 and below; restrict network access to affected servers via firewall rules. Within 7 days: Deploy WAF rules to block path traversal patterns (../, ..\, encoded variants); implement input validation at the application layer; evaluate upgrade to version 1.1 or later if available. …
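One way to implement the application-layer input validation mentioned above, as an added example that is not code from the C++ HTTP Server project. The function name resolve_under_root is hypothetical; filename and files_directory follow the names used in the description, and the sample request paths are constructed.

```cpp
#include <algorithm>
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper, not the project's code. Pass the percent-decoded URL
// path; returns a path guaranteed to sit under files_directory, or nullopt.
std::optional<fs::path> resolve_under_root(const fs::path& files_directory,
                                           const std::string& filename) {
    // NUL bytes and backslashes are never needed in a served file name.
    if (filename.find('\0') != std::string::npos ||
        filename.find('\\') != std::string::npos)
        return std::nullopt;

    std::error_code ec;
    const fs::path root = fs::canonical(files_directory, ec);
    if (ec) return std::nullopt;

    // relative_path() strips the leading "/", which would otherwise make
    // operator/ discard the root and use the request path as an absolute path.
    const fs::path requested = fs::path(filename).relative_path();

    // Resolve "..", "." and symlinks (for the part of the path that exists).
    const fs::path full = fs::weakly_canonical(root / requested, ec);
    if (ec) return std::nullopt;

    // Compare path components, not characters: a string prefix test would
    // accept a sibling such as "<root>_backup".
    const auto diff = std::mismatch(root.begin(), root.end(), full.begin(), full.end());
    if (diff.first != root.end()) return std::nullopt;
    return full;
}

int main() {
    // Constructed demo: a scratch root and three sample request paths.
    const fs::path root = fs::temp_directory_path() / "traversal_demo" / "files";
    fs::create_directories(root);
    for (const char* req : {"/index.html", "/sub/../index.html", "/../../etc/passwd"}) {
        const auto p = resolve_under_root(root, req);
        std::cout << req << " -> " << (p ? p->string() : "rejected") << '\n';
    }
}
```

The handler should open only the returned path and answer with an error status when the result is empty, rather than concatenating filename onto files_directory itself.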