Description

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's filesystem by crafting a malicious HTTP GET request containing ../ sequences. The application fails to sanitize the filename variable derived from the user-controlled URL path, directly concatenating it to the files_directory base path and enabling traversal outside the intended root. No patch was available at the time of publication.

INFO

Published Date :

2026-01-24T01:50:24.473Z

Last Modified :

2026-01-26T16:17:09.316Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24469 vulnerability.

Vendors Products
Frustratedproton
  • Http-server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24469.

URL Resource
https://github.com/frustratedProton/http-server/security/advisories/GHSA-qp54-6gfq-3gff cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact