Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.

Basic Information

ID CVE-2026-41931

Source VulnCheck

Published May 6, 2026 at 18:36

Modified May 6, 2026 at 19:42

Affected Product

Vendor givanz

Product Vvveb

Affected Versions givanz Vvveb 0

CWE Classification

CWE-1188 CWE-209

References

{
    "lastseen": "",
    "description": "Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.",
    "published": "2026-05-06T18:36:13.363Z",
    "modified": "2026-05-06T19:42:17.377Z",
    "type": "cve",
    "title": "Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler",
    "source": "VulnCheck",
    "references": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.2\nhttps://github.com/givanz/Vvveb/security/advisories/GHSA-xgvg-r47g-786r\nhttps://www.vulncheck.com/advisories/vvveb-information-disclosure-via-debug-exception-handler",
    "id": "CVE-2026-41931",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1188",
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "givanz Vvveb 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vvveb",
    "version": "0",
    "vendor": "givanz",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler_CVE-2026-41931