Path Traversal in Smallsrv Small Http

CVE-2025-41368

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permission…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

Affected products

Smallsrv Small Http — versions 3.06.36

Weakness classification (CWE)

CWE-22 — Path Traversal

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-… (patch)