Multiple vulnerabilities in Small HTTP server by Smallsrv_CVE-2025-41368

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

Basic Information

ID CVE-2025-41368

Source INCIBE

Published Mar 26, 2026 at 11:37

Modified Mar 26, 2026 at 13:40

Affected Product

Vendor Smallsrv

Product Small HTTP

Version 3.06.36

Affected Versions Smallsrv Small HTTP 3.06.36

CWE Classification

CWE-22

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-server-smallsrv

{
    "lastseen": "",
    "description": "Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.",
    "published": "2026-03-26T11:37:52.747Z",
    "modified": "2026-03-26T13:40:20.561Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in Small HTTP server by Smallsrv",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-server-smallsrv",
    "id": "CVE-2025-41368",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Smallsrv Small HTTP 3.06.36",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Small HTTP",
    "version": "3.06.36",
    "vendor": "Smallsrv",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}