Civetweb Project Civetweb — known CVE vulnerabilities
Every CVE whose affected-product data names Civetweb Project Civetweb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-27304 — CVSS 9.8 (critical): The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP…
CVE-2026-5789 — CVSS 7.8 (high): Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code…
CVE-2025-55763 — CVSS 7.5 (high): Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a…
CVE-2018-12684 — CVSS 7.1 (high): Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or…