CVE-2026-5638

MEDIUM

HerikLyma CPPWebFramework path traversal

Title source: cna

Description

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

[Vdb Entry] https://vuldb.com/vuln/355426

[Signature, Permissions Required] https://vuldb.com/vuln/355426/cti

[Third Party Advisory] https://vuldb.com/submit/785952

[Issue Tracking] https://github.com/HerikLyma/CPPWebFramework/issues/40

[Exploit] https://github.com/HerikLyma/CPPWebFramework/issues/40#issue-4118436068

[Product] https://github.com/HerikLyma/CPPWebFramework/

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

HerikLyma/CPPWebFramework 3.0

HerikLyma/CPPWebFramework 3.1

Published Apr 06, 2026

Tracked Since Apr 06, 2026