Hiawatha-webserver Hiawatha — known CVE vulnerabilities
Every CVE whose affected-product data names Hiawatha-webserver Hiawatha, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-8358 — CVSS 8.1 (high): In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
CVE-2025-57783 — CVSS 5.3 (medium): Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an…
CVE-2025-57784 — CVSS 3.3 (low): Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker…