CVE-2025-41368 HIGH

CVE-2025-41368: Multiple vulnerabilities in Small HTTP server by Smallsrv

Vendor Smallsrv
Product Small HTTP
Weakness CWE-22 · Path traversal
Published March 26, 2026
Last update March 26, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

Key dates

02Disclosure timeline

March 26, 2026 CVE published
March 26, 2026 Record updated

Related vulnerabilities

04Related CVE