Remote Denial of Service in Zervit's Portable HTTP/Web Server
CVE-2025-13826

8.2HIGH

Key Information:

Vendor: Zervit
Status: Portable Http/web Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2025-13826?

The portable HTTP/web server developed by Zervit has a critical flaw that allows remote attackers to exploit it via improperly validated user input. When an attacker sends a specially crafted configuration reset request, they may trigger a denial of service condition, causing the server to become unresponsive. While the application may be restarted manually to restore functionality, this vulnerability poses a significant risk to availability, necessitating immediate attention and remediation.

Affected Version(s)

portable HTTP/Web server 0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/incorr...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Dec 1, 2025

Credit

Rafael Pedrero

CVE-2025-13826 Data

JSON