Description

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.

INFO

Published Date :

2026-05-06T18:36:13.363Z

Last Modified :

2026-05-08T14:05:06.295Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41931 vulnerability.

Vendors Products
Givanz
  • Vvveb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41931.

URL Resource
https://github.com/givanz/Vvveb/releases/tag/1.0.8.2 cve-icon cve-icon
https://github.com/givanz/Vvveb/security/advisories/GHSA-xgvg-r47g-786r cve-icon cve-icon cve-icon
https://www.vulncheck.com/advisories/vvveb-information-disclosure-via-debug-exception-handler cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact