Information Disclosure Vulnerability in Vvveb Product by Givanz
CVE-2026-41931

6.9MEDIUM

Key Information:

Vendor

Givanz

Status
Vvveb
Vendor
CVE Published:
6 May 2026

What is CVE-2026-41931?

Earlier versions of Vvveb prior to 1.0.8.2 are susceptible to an information disclosure vulnerability. This flaw permits attackers, without authentication, to retrieve sensitive server data via unhandled exceptions in the password-reset module. By accessing the admin password-reset endpoint, attackers can cause fatal errors due to a missing namespace import, revealing critical details such as the server's absolute file path, internal class namespaces, and even snippets of source code through the debug exception handler. This vulnerability poses a significant risk to server integrity and confidentiality.

Affected Version(s)

Vvveb 0

References

https://github.com/givanz/Vvveb/releases/tag/1.0.8.2
release-notes
https://github.com/givanz/Vvveb/security/advisories/GHSA-...
vendor-advisory
https://www.vulncheck.com/advisories/vvveb-information-di...
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Basant Kumar (@CyberWarrior9)
Hamed Kohi (@0xhamy)
VulnCheck
.