CVE-2026-8209 MEDIUM

CVE-2026-8209

Vendor Gibbonedu

Product gibbon

Weakness CWE-23

Published May 9, 2026

Last update May 11, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

Key dates

02Disclosure timeline

May 9, 2026 CVE published

May 11, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-8209 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

CVE-2026-8209

01Description

02Disclosure timeline

03References

04Related CVE