Path Traversal in Gibbonedu Gibbon

CVE-2026-8209

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful e…

EPSS: 0.001 (22.7th percentile) — read the EPSS interpretation.

Affected products

Gibbonedu Gibbon — versions 0

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (vendor-advisory)
ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a (exploit)