Ritlabs TinyWeb Server up to 1.94 on Win32 Header libeay32.dll.html Authorization stack-based overflow

Summaryinfo

A vulnerability labeled as critical has been found in Ritlabs TinyWeb Server up to 1.94 on Win32. Affected is an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization results in stack-based overflow. This vulnerability is reported as CVE-2026-12200. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Detailsinfo

A vulnerability was found in Ritlabs TinyWeb Server up to 1.94 on Win32. It has been classified as critical. Affected is an unknown part in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization with an unknown input leads to a stack-based overflow vulnerability. CWE is classifying the issue as CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This is going to have an impact on confidentiality, integrity, and availability.

The advisory is available at nathan2.com. This vulnerability is traded as CVE-2026-12200. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.

The exploit is shared for download at nathan2.com. It is declared as proof-of-concept. The vendor was contacted early about this disclosure but did not respond in any way. By approaching the search of inurl:libeay32.dll.html it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Web Server

Vendor

• Ritlabs

Name

• TinyWeb Server

Version

• 1.0
• 1.1
• 1.2
• 1.3
• 1.4
• 1.5
• 1.6
• 1.7
• 1.8
• 1.9
• 1.10
• 1.11
• 1.12
• 1.13
• 1.14
• 1.15
• 1.16
• 1.17
• 1.18
• 1.19
• 1.20
• 1.21
• 1.22
• 1.23
• 1.24
• 1.25
• 1.26
• 1.27
• 1.28
• 1.29
• 1.30
• 1.31
• 1.32
• 1.33
• 1.34
• 1.35
• 1.36
• 1.37
• 1.38
• 1.39
• 1.40
• 1.41
• 1.42
• 1.43
• 1.44
• 1.45
• 1.46
• 1.47
• 1.48
• 1.49
• 1.50
• 1.51
• 1.52
• 1.53
• 1.54
• 1.55
• 1.56
• 1.57
• 1.58
• 1.59
• 1.60
• 1.61
• 1.62
• 1.63
• 1.64
• 1.65
• 1.66
• 1.67
• 1.68
• 1.69
• 1.70
• 1.71
• 1.72
• 1.73
• 1.74
• 1.75
• 1.76
• 1.77
• 1.78
• 1.79
• 1.80
• 1.81
• 1.82
• 1.83
• 1.84
• 1.85
• 1.86
• 1.87
• 1.88
• 1.89
• 1.90
• 1.91
• 1.92
• 1.93
• 1.94

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Submitinfo

Accepted

• Submit #829894: RITLabs TinyWeb 1.94 Stack-based Buffer Overflow (by nathan2)

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion