CVE-2026-2940
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Tags
Description
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Analysis
Out-of-bounds write in the URL handler of Zaher1307's tiny_web_server allows remote attackers to achieve code execution, information disclosure, or denial of service without authentication. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running affected tiny_web_server versions and assess exposure scope. Within 7 days: Implement network segmentation to restrict untrusted traffic to affected servers, deploy WAF rules to filter malicious URL patterns, and disable unnecessary URL handler features if operationally feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today