CVE-2026-41931

216.73.217.22

· Published 06/05/2026 19:16 · Modified 06/05/2026 20:16

Labels: CVE-2026-41931 2026-05-06 CVE-2026-41931 CWE-209 [email protected]

Essential information

Published: 06/05/2026 19:16
Modified: 06/05/2026 20:16
Author: —
Creator: —
CVSS: 6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.

NVD status

Status: Deferred — When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
vvveb / vvveb	`cpe:2.3:a:vvveb:vvveb:<1.0.8.2:::::::*`