Resource exhaustion in Maximmasiutin Tinyweb
CVE-2026-27630
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection withou…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.001 (34.1th percentile) — read the EPSS interpretation.
Affected products
- Maximmasiutin Tinyweb — versions < 2.02
Weakness classification (CWE)
References
- https://github.com/maximmasiutin/TinyWeb/security/advisories/GHSA-ccv5-8948-c99c (x_refsource_CONFIRM)
- https://github.com/maximmasiutin/TinyWeb/commit/23268c8 (x_refsource_MISC)
- https://www.masiutin.net/tinyweb-cve-2026-27630.html (x_refsource_MISC)