Description
A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Access via Path Traversal
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in HerikLyma's CPPWebFramework up to version 3.1 that permits path traversal. By crafting a request that manipulates file paths, an attacker can read arbitrary files on the server. The vulnerability is remote, meaning it can be triggered over the network without local interaction, and is categorized as CWE-22, which indicates unsafe file path handling.

Affected Systems

The affected product is HerikLyma CPPWebFramework. All releases up to the 3.1 series are impacted; any deployment using these versions is susceptible.

Risk and Exploitability

The severity score is medium (CVSS 6.9), with no publicly available EPSS data or KEV listing, but the exploit is publicly documented. Because it can be triggered via a normal HTTP request, an attacker with network access to the web application can exploit it. The lack of a released patch increases the risk; however, without code execution, the impact is limited to data disclosure rather than full system compromise.

Generated by OpenCVE AI on April 6, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest CPPWebFramework release that fixes path traversal.
  • If an update is not yet available, validate and sanitize all user‑supplied file paths on the server side.
  • Restrict file system permissions for the application’s web root to the minimal set required.
  • Monitor web logs for anomalous path traversal patterns.

Generated by OpenCVE AI on April 6, 2026 at 11:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Heriklyma
Heriklyma cppwebframework
Vendors & Products Heriklyma
Heriklyma cppwebframework

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title HerikLyma CPPWebFramework path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Heriklyma Cppwebframework
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T12:11:46.370Z

Reserved: 2026-04-05T20:20:53.735Z

Link: CVE-2026-5638

cve-icon Vulnrichment

Updated: 2026-04-06T12:07:44.256Z

cve-icon NVD

Status : Deferred

Published: 2026-04-06T09:16:18.267

Modified: 2026-06-17T10:59:25.530

Link: CVE-2026-5638

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:33:06Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')