CVE-2026-12200 | A security vulnerability has been detected in Ritlabs TinyWe… | CVSS 7.3 HIGH

Description

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12200
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-14 11:39 UTC
Published: 2026-06-15 00:15 UTC
Last updated: 2026-06-15 00:15 UTC
Primary CWE: CWE-121
Stack-based Buffer Overflow
Vendor / Product: Ritlabs / TinyWeb Server
Sources: cve.org · NVD

Severity & Metrics

7.3 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
Ritlabs	TinyWeb Server	—	1.0, 1.1, 1.2, 1.3 …

Weakness (CWE)

CWE	Source	Description
CWE-119	cna	Memory Corruption
CWE-121	cna	Stack-based Buffer Overflow

CVSS scores (4)

Score	Severity	Version	Source	Vector
7.5	N/D	2.0	cna	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
7.3	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (5)

VDB-370842 | Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow https://vuldb.com/vuln/370842
VDB-370842 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/370842/cti
CVE-2026-12200 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12200
Submit #829894 | RITLabs TinyWeb 1.94 Stack-based Buffer Overflow https://vuldb.com/submit/829894
https://nathan2.com/posts/tinyweb/