CVE-2026-8209

EUVD-2026-28899
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PRJBLKCNA
6.9 MEDIUM
NETWORK
HIGH
HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gibbonedugibbon
𝑥
< 30.0.1
CNA
Common Weakness Enumeration
References
https://github.com/GibbonEdu/core/releases/tag/v30.0.01
https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#denial-of-service-via-path-traversal