Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable with no auth or interaction; availability rated High as stack overflow reliably crashes the process; C/I rated Low reflecting demonstrated POC scope, not confirmed RCE.
Primary rating from Vendor (VulDB).
Lifecycle Timeline
Description (source: CVE.org)
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Stack-based buffer overflow in Ritlabs TinyWeb Server 1.94 and earlier on Win32 allows remote unauthenticated attackers to crash the server or potentially execute arbitrary code by sending a specially crafted HTTP Authorization header, triggering a memory corruption condition in the libeay32.dll component's Header Handler. A public proof-of-concept exploit has been disclosed at nathan2.com/posts/tinyweb/, and the vendor has not responded to responsible disclosure notifications, leaving all known versions unpatched. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | No special configuration is required beyond the server being reachable over the network: TinyWeb Server's HTTP Authorization header parsing is active by default on all deployments, and the overflow is triggered by any HTTP request containing a crafted Authorization header value, regardless of whether authentication is actually enforced on the targeted resource. … |
| Risk Assessment | The CVSS 4.0 base vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms the vulnerability is trivially reachable over the network with no authentication, no complexity barrier, and no user interaction required, the most dangerous attack profile possible from an access perspective. … |
| Exploit Scenario | An unauthenticated remote attacker sends a single HTTP request to TinyWeb Server containing an oversized or specially crafted value in the Authorization header field; the Header Handler in libeay32.dll copies this input into a fixed stack buffer without bounds checking, overwriting the return address. On systems without effective stack canaries or DEP enforcement, typical of legacy Win32 TinyWeb deployments, the attacker controls instruction flow and can achieve arbitrary code execution in the context of the TinyWeb process. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor was contacted prior to disclosure and did not respond, leaving this vulnerability unresolved. … |
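As an added illustration of the bounds check the Exploit Scenario above says is missing: a hypothetical C header handler written for this page, not TinyWeb Server's code, that measures the Authorization value before copying it into a fixed stack buffer and rejects anything that would not fit. The header layout, the 64-byte buffer size and the sample requests are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header handler written for this page, not TinyWeb Server's
 * code. The advisory's defect is an unbounded copy of the Authorization
 * value into a fixed stack buffer; this version measures the value first
 * and refuses anything that would not fit. Buffer size is an assumption. */
#define AUTH_BUF 64

/* Locate the Authorization value in a raw HTTP request head.
 * Sets *len to the value length (up to CRLF); returns NULL if absent. */
static const char *find_authorization(const char *req, size_t *len)
{
    const char *p = strstr(req, "\r\nAuthorization:");
    if (!p) return NULL;
    p += strlen("\r\nAuthorization:");
    while (*p == ' ' || *p == '\t') p++;
    const char *end = strstr(p, "\r\n");
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Bounded handler. Returns 1 and fills out on success, 0 if the header is
 * absent, -1 if the value would overflow out (the caller should answer
 * 400 or 431 rather than proceed). */
int handle_authorization_safe(const char *req, char *out, size_t outlen)
{
    size_t len;
    const char *val = find_authorization(req, &len);
    if (!val) return 0;
    if (len >= outlen) return -1;   /* the bounds check the advisory says is missing */
    memcpy(out, val, len);
    out[len] = '\0';
    return 1;
}

/* Builds a constructed request (not captured traffic) whose Authorization
 * value is n bytes of 'A'. Returns the copied length on success, -1 when
 * the handler rejects the value, -2 if n is too large for the scratch buffer. */
int demo_with_value_length(size_t n)
{
    char req[512], out[AUTH_BUF];
    if (n > 400) return -2;
    int off = snprintf(req, sizeof req, "GET / HTTP/1.1\r\nHost: h\r\nAuthorization: ");
    memset(req + off, 'A', n);
    memcpy(req + off + n, "\r\n\r\n", 5);
    int rc = handle_authorization_safe(req, out, sizeof out);
    return rc == 1 ? (int)strlen(out) : rc;
}
```

Values of 63 bytes or fewer are copied intact; 64 bytes or more, which would have smashed the frame in the unbounded version, are rejected before any copy happens.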
Related identifiers: EUVD-2026-36675, GHSA-gpg8-377c-3rgp