Is there a patch available for CVE-2026-8209?

Yes, a patch is available for CVE-2026-8209. Update the affected software to the latest version immediately.

Gibbon CVE-2026-8209

Q: What is the CVSS score of CVE-2026-8209?

CVE-2026-8209 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28899 MEDIUM

Relative Path Traversal (CWE-23)

2026-05-09 ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

GHSA-f8qc-g9ff-p4m7

PHP Path Traversal

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 09, 2026 - 05:01 EUVD

Source Code Evidence Fetched

May 09, 2026 - 04:30 vuln.today

Analysis Generated

May 09, 2026 - 04:30 vuln.today

CVE Published

May 09, 2026 - 04:16 nvd

MEDIUM 6.9

DescriptionNVD

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

AnalysisAI

Denial of service in Gibbon versions before v30.0.01 via path traversal during ZIP file extraction allows authenticated users with Teacher or higher privileges to trigger file deletion and application unavailability. The vulnerability exploits improper handling of malicious ZIP archives, where failed extraction attempts result in unintended deletion of PHP application files. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8209 vulnerability details – vuln.today

Back

Gibbon CVE-2026-8209

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Gibbon CVE-2026-8209

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code