{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T07:18:24.267","vulnerabilities":[{"cve":{"id":"CVE-2026-24469","sourceIdentifier":"security-advisories@github.com","published":"2026-01-24T03:16:01.150","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's filesystem by crafting a malicious HTTP GET request containing ../ sequences. The application fails to sanitize the filename variable derived from the user-controlled URL path, directly concatenating it to the files_directory base path and enabling traversal outside the intended root. No patch was available at the time of publication."},{"lang":"es","value":"C++ HTTP Server es un servidor HTTP/1.1 diseñado para manejar conexiones de clientes y servir solicitudes HTTP. Las versiones 1.0 e inferiores son vulnerables a salto de ruta a través del método RequestHandler::handleRequest. Esta falla permite a un atacante remoto no autenticado leer archivos arbitrarios del sistema de archivos del servidor al crear una solicitud HTTP GET maliciosa que contiene secuencias ../. La aplicación no logra sanear la variable filename derivada de la ruta URL controlada por el usuario, concatenándola directamente a la ruta base files_directory y permitiendo el salto de ruta fuera de la raíz prevista. Ningún parche estaba disponible en el momento de la publicación."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/frustratedProton/http-server/security/advisories/GHSA-qp54-6gfq-3gff","source":"security-advisories@github.com"}]}}]}