Plattform
other
Komponente
http-server
Behoben in
1.0.1
CVE-2026-24469 describes a Path Traversal vulnerability present in C++ HTTP Server versions 1.0 and earlier. This vulnerability allows an unauthenticated attacker to read arbitrary files from the server's filesystem. The flaw is located in the RequestHandler::handleRequest method due to improper handling of user-supplied URL paths. A patch is available in version 1.0.1.
Successful exploitation of CVE-2026-24469 allows an unauthenticated, remote attacker to read sensitive files from the server's filesystem. This could include configuration files, source code, or even user data, depending on the server's file structure and permissions. The attacker's ability to read arbitrary files grants them a significant level of access and control over the affected system. While the vulnerability does not directly lead to remote code execution, the information gained could be used to identify other vulnerabilities or compromise the system further. The blast radius extends to any system running the vulnerable C++ HTTP Server version, potentially exposing a wide range of data.
CVE-2026-24469 was publicly disclosed on 2026-01-24. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's severity is rated HIGH (CVSS 7.5). It is not currently listed on the CISA KEV catalog. The ease of exploitation is relatively low due to the need for crafting specific HTTP requests, but the potential impact is significant.
Systems running C++ HTTP Server versions 1.0 and earlier are at risk. This includes development environments, testing servers, and production deployments where this server is used. Shared hosting environments where users have the ability to craft HTTP requests are particularly vulnerable.
• linux / server:
journalctl -u cpp-http-server -g "Path Traversal"• generic web:
curl -I http://<server_ip>/../../../../etc/passwd• generic web:
grep -r "RequestHandler::handleRequest" /path/to/cpp-http-server/source_codedisclosure
Exploit-Status
EPSS
0.03% (10% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-24469 is to upgrade to version 1.0.1 of C++ HTTP Server. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) to filter malicious HTTP GET requests containing '../' sequences. Additionally, restrict file access permissions to the minimum necessary to prevent unauthorized file reads. Regularly review and audit the server's file structure and permissions to identify and address potential vulnerabilities. After upgrading, confirm the fix by attempting a path traversal attack using a crafted HTTP GET request with '../' sequences; the server should reject the request.
No hay parche disponible. Se recomienda no utilizar la versión vulnerable del servidor HTTP C++ o implementar una solución de mitigación que valide y sanee las rutas de los archivos solicitados para evitar el recorrido de directorios. Considere utilizar un servidor HTTP más robusto y mantenido.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-24469 is a Path Traversal vulnerability affecting C++ HTTP Server versions 1.0 and earlier, allowing attackers to read arbitrary files.
You are affected if you are using C++ HTTP Server version 1.0 or earlier. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of C++ HTTP Server. As a temporary workaround, implement a WAF or restrict file access permissions.
There is currently no evidence of CVE-2026-24469 being actively exploited.
Refer to the C++ HTTP Server project's official website or repository for the advisory related to CVE-2026-24469.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.