This page lists publicly disclosed CVE vulnerabilities affecting smallsrv small_http_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-41359 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could allow arbitrary code execution, unauthorized access to the system, or service dis | [email protected] | 8.5 | 0.15% | 2026-03-26 | 2026-03-26 |
| CVE-2025-41368 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server. | [email protected] | 8.7 | 0.61% | 2026-03-26 | 2026-03-26 |
| CVE-2022-28994 | Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | [email protected] | 9.8 | 2.13% | 2022-04-29 | 2024-11-21 |