Improper input validation in Maximmasiutin Tinyweb

CVE-2026-29046

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables (HTTP_*). The parser did not strictly reject dangerous contr…

EPSS: 0.003 (51.6th percentile) — read the EPSS interpretation.