CVE-2026-24469

Name of the Vulnerable Software and Affected Versions C++ HTTP Server versions 1.0 and below

Description C++ HTTP Server is an HTTP/1.1 server designed to manage client connections and process HTTP requests. Versions 1.0 and below contain a flaw that allows a remote, unauthenticated attacker to read arbitrary files from the server’s filesystem. This is possible by creating a malicious HTTP GET request that includes '../' sequences. The application does not properly sanitize the filename variable, which is derived from the URL path provided by the user. This allows the application to concatenate the unsanitized filename to the files directory base path, enabling traversal outside the intended root directory. The vulnerable method is RequestHandler::handleRequest.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.