MEDIUM SeverityCVSS 4.06.9CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

CVE-2026-8209

Last updated May 09, 2026 · Published May 09, 2026

Description

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

Affected products

1 listed

gibbonedu:gibbon

Mappings

CWE

CWE-23

CAPEC

CAPEC-126

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Secure File HandlingUploads, storage, and serving files without opening the door to attackers.

CVE-2026-8209

Description

Affected products

Mappings

Related