Information Disclosure Vulnerability in Algernon Web Server by xyproto
CVE-2026-45728

7.5HIGH

Key Information:

Vendor: Xyproto
Status: Algernon
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-45728?

The Algernon web server, used for serving web applications, contains a vulnerability that allows for information disclosure when running in single file mode with debug mode enabled. This occurs prior to version 1.17.7. If invoked with a single file, the server exposes sensitive information by dumping the absolute file path, content, and detailed error messages in response to client requests. This means that any client capable of triggering a runtime error can access sensitive server-side source code and potentially compromise the integrity and confidentiality of the server's data. The vulnerability is mitigated in version 1.17.7.

Affected Version(s)

algernon < 1.17.7

References

https://github.com/xyproto/algernon/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45728 Data

JSON

Xyproto

What is CVE-2026-45728?

Affected Version(s)

References

CVSS V3.1

Timeline