PT-2026-40942 · Givanz+1 · Vvveb

Basant Kumar

+1

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-41933

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.3
Description An information disclosure issue allows unauthenticated attackers to enumerate files and directories. This occurs because multiple paths lack proper index directives in .htaccess files, which are configuration files used by Apache web servers to control directory-level settings. Attackers can access admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates that contain sensitive route maps.
Recommendations Update Vvveb to version 1.0.8.3 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41933

Affected Products

Vvveb