PT-2026-22038 · Tinyweb · Tinyweb

Maxim Masiutin +1 · Published 2026-02-25 · Updated 2026-03-03 · CVE-2026-27630

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TinyWeb versions prior to 2.02

Description

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. The server creates a new operating system thread for each incoming connection without enforcing a maximum concurrency limit or an appropriate request timeout. An unauthenticated remote attacker can exhaust server concurrency limits and memory by opening numerous connections and sending data very slowly. This is known as a Slowloris attack. The CMaxConnections limit is set to 512 and the CConnectionTimeoutSecs idle timeout is set to 30 seconds in version 2.02.

Recommendations

Versions prior to 2.02 should be upgraded to version 2.02.
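
The connection cap and idle timeout named in the description, modelled as an added example that is not TinyWeb's own Delphi code. `ConnectionGate` and `idle_flood` are hypothetical names, the clock is simulated, and measuring the idle timeout from the last received data is an assumption about its semantics.

```python
import math
import threading
import time

C_MAX_CONNECTIONS = 512          # cap the advisory gives for version 2.02
C_CONNECTION_TIMEOUT_SECS = 30   # idle timeout the advisory gives for version 2.02

class ConnectionGate:
    """Hypothetical admission control for a thread-per-connection server."""

    def __init__(self, max_conns, idle_secs, clock=time.monotonic):
        self.max_conns, self.idle_secs, self.clock = max_conns, idle_secs, clock
        self.last_seen = {}          # connection id -> time data was last received
        self.lock = threading.Lock()

    def admit(self, conn_id):
        """Call after accept(); on False, close the socket and spawn no thread."""
        with self.lock:
            if len(self.last_seen) >= self.max_conns:
                return False
            self.last_seen[conn_id] = self.clock()
            return True

    def touch(self, conn_id):
        """Call when the connection delivers data (assumed timeout semantics)."""
        with self.lock:
            if conn_id in self.last_seen:
                self.last_seen[conn_id] = self.clock()

    def reap_idle(self):
        """Drop and return ids idle for idle_secs; the caller closes their sockets."""
        now = self.clock()
        with self.lock:
            stale = [c for c, t in self.last_seen.items() if now - t >= self.idle_secs]
            for c in stale:
                del self.last_seen[c]
        return stale

def idle_flood(max_conns, idle_secs, attempts=600):
    """Constructed scenario: clients connect at t=0, then send nothing."""
    now = [0.0]                      # simulated clock, in seconds
    gate = ConnectionGate(max_conns, idle_secs, clock=lambda: now[0])
    admitted = sum(gate.admit(i) for i in range(attempts))
    now[0] = 30.0
    gate.reap_idle()
    return {"admitted": admitted, "rejected": attempts - admitted,
            "threads_after_30s": len(gate.last_seen)}

if __name__ == "__main__":
    print("no limits  :", idle_flood(math.inf, math.inf))
    print("2.02 limits:", idle_flood(C_MAX_CONNECTIONS, C_CONNECTION_TIMEOUT_SECS))
```

The first call models a server with neither limit, as the description gives for versions before 2.02: every connection keeps its thread. The second call applies the two 2.02 values.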

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-27630
GHSA-CCV5-8948-C99C

Affected Products

Tinyweb