PT-2026-40943 · Givanz+1 · Vvveb

Basant Kumar

+1

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-41935

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.3
Description An uncontrolled recursion issue exists in the admin controller dispatch cycle. The Base::init() function repeatedly invokes the permission() function on error handlers, leading to infinite recursion that exhausts PHP memory limits. A low-privilege user can trigger this by sending sustained requests to forbidden admin URLs, resulting in a denial of service for legitimate traffic by exhausting PHP memory across all workers.
Recommendations Update to version 1.0.8.3 or later.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41935

Affected Products

Vvveb