CVE-2025-41368

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 26, 2026

Vendor unknown

Description

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-server-smallsrv