CVE-2026-12200

EUVD-2026-36675

15.06.2026, 01:16

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulDB	CNA	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
ritlabs	tinyweb	1.0	CNA
ritlabs	tinyweb	1.1	CNA
ritlabs	tinyweb	1.2	CNA
ritlabs	tinyweb	1.3	CNA
ritlabs	tinyweb	1.4	CNA
ritlabs	tinyweb	1.5	CNA
ritlabs	tinyweb	1.6	CNA
ritlabs	tinyweb	1.7	CNA
ritlabs	tinyweb	1.8	CNA
ritlabs	tinyweb	1.9	CNA
ritlabs	tinyweb	1.10	CNA
ritlabs	tinyweb	1.11	CNA
ritlabs	tinyweb	1.12	CNA
ritlabs	tinyweb	1.13	CNA
ritlabs	tinyweb	1.14	CNA
ritlabs	tinyweb	1.15	CNA
ritlabs	tinyweb	1.16	CNA
ritlabs	tinyweb	1.17	CNA
ritlabs	tinyweb	1.18	CNA
ritlabs	tinyweb	1.19	CNA
ritlabs	tinyweb	1.20	CNA
ritlabs	tinyweb	1.21	CNA
ritlabs	tinyweb	1.22	CNA
ritlabs	tinyweb	1.23	CNA
ritlabs	tinyweb	1.24	CNA
ritlabs	tinyweb	1.25	CNA
ritlabs	tinyweb	1.26	CNA
ritlabs	tinyweb	1.27	CNA
ritlabs	tinyweb	1.28	CNA
ritlabs	tinyweb	1.29	CNA
ritlabs	tinyweb	1.30	CNA
ritlabs	tinyweb	1.31	CNA
ritlabs	tinyweb	1.32	CNA
ritlabs	tinyweb	1.33	CNA
ritlabs	tinyweb	1.34	CNA
ritlabs	tinyweb	1.35	CNA
ritlabs	tinyweb	1.36	CNA
ritlabs	tinyweb	1.37	CNA
ritlabs	tinyweb	1.38	CNA
ritlabs	tinyweb	1.39	CNA
ritlabs	tinyweb	1.40	CNA
ritlabs	tinyweb	1.41	CNA
ritlabs	tinyweb	1.42	CNA
ritlabs	tinyweb	1.43	CNA
ritlabs	tinyweb	1.44	CNA
ritlabs	tinyweb	1.45	CNA
ritlabs	tinyweb	1.46	CNA
ritlabs	tinyweb	1.47	CNA
ritlabs	tinyweb	1.48	CNA
ritlabs	tinyweb	1.49	CNA
ritlabs	tinyweb	1.50	CNA
ritlabs	tinyweb	1.51	CNA
ritlabs	tinyweb	1.52	CNA
ritlabs	tinyweb	1.53	CNA
ritlabs	tinyweb	1.54	CNA
ritlabs	tinyweb	1.55	CNA
ritlabs	tinyweb	1.56	CNA
ritlabs	tinyweb	1.57	CNA
ritlabs	tinyweb	1.58	CNA
ritlabs	tinyweb	1.59	CNA
ritlabs	tinyweb	1.60	CNA
ritlabs	tinyweb	1.61	CNA
ritlabs	tinyweb	1.62	CNA
ritlabs	tinyweb	1.63	CNA
ritlabs	tinyweb	1.64	CNA
ritlabs	tinyweb	1.65	CNA
ritlabs	tinyweb	1.66	CNA
ritlabs	tinyweb	1.67	CNA
ritlabs	tinyweb	1.68	CNA
ritlabs	tinyweb	1.69	CNA
ritlabs	tinyweb	1.70	CNA
ritlabs	tinyweb	1.71	CNA
ritlabs	tinyweb	1.72	CNA
ritlabs	tinyweb	1.73	CNA
ritlabs	tinyweb	1.74	CNA
ritlabs	tinyweb	1.75	CNA
ritlabs	tinyweb	1.76	CNA
ritlabs	tinyweb	1.77	CNA
ritlabs	tinyweb	1.78	CNA
ritlabs	tinyweb	1.79	CNA
ritlabs	tinyweb	1.80	CNA
ritlabs	tinyweb	1.81	CNA
ritlabs	tinyweb	1.82	CNA
ritlabs	tinyweb	1.83	CNA
ritlabs	tinyweb	1.84	CNA
ritlabs	tinyweb	1.85	CNA
ritlabs	tinyweb	1.86	CNA
ritlabs	tinyweb	1.87	CNA
ritlabs	tinyweb	1.88	CNA
ritlabs	tinyweb	1.89	CNA
ritlabs	tinyweb	1.90	CNA
ritlabs	tinyweb	1.91	CNA
ritlabs	tinyweb	1.92	CNA
ritlabs	tinyweb	1.93	CNA
ritlabs	tinyweb	1.94	CNA

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://nathan2.com/posts/tinyweb/

https://vuldb.com/cve/CVE-2026-12200

https://vuldb.com/submit/829894

https://vuldb.com/vuln/370842

https://vuldb.com/vuln/370842/cti