Security Advisory

CVE-2025-41368

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-26 11:37:52

Last updated 2026-03-26 13:40:20

Assigner INCIBE

State PUBLISHED

Description

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in / allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

← Browse all CVEs View on cve.org ↗