QwikSec

Security Database

CVE

CWE

Training

CVE-2025-41368

Published: Mar 26, 2026

Modified: Mar 26, 2026

PUBLISHED

Description

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server.

Vendor	Product	Versions
Smallsrv	Small HTTP	affected `3.06.36`

Weaknesses (CWE)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-small-http-server-smallsrv

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.