Vulnerability in Gibbonedu Gibbon

CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teac…

EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.

Affected products

Gibbonedu Gibbon — versions 0

Weakness classification (CWE)

CWE-98 — PHP Remote File Inclusion

References

ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (vendor-advisory)
ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (exploit)