CVE-2026-12200

Summary

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
RitlabsTinyWeb Server1.0affected
RitlabsTinyWeb Server1.1affected
RitlabsTinyWeb Server1.2affected
RitlabsTinyWeb Server1.3affected
RitlabsTinyWeb Server1.4affected
RitlabsTinyWeb Server1.5affected
RitlabsTinyWeb Server1.6affected
RitlabsTinyWeb Server1.7affected
RitlabsTinyWeb Server1.8affected
RitlabsTinyWeb Server1.9affected
RitlabsTinyWeb Server1.10affected
RitlabsTinyWeb Server1.11affected
RitlabsTinyWeb Server1.12affected
RitlabsTinyWeb Server1.13affected
RitlabsTinyWeb Server1.14affected
RitlabsTinyWeb Server1.15affected
RitlabsTinyWeb Server1.16affected
RitlabsTinyWeb Server1.17affected
RitlabsTinyWeb Server1.18affected
RitlabsTinyWeb Server1.19affected
RitlabsTinyWeb Server1.20affected
RitlabsTinyWeb Server1.21affected
RitlabsTinyWeb Server1.22affected
RitlabsTinyWeb Server1.23affected
RitlabsTinyWeb Server1.24affected
RitlabsTinyWeb Server1.25affected
RitlabsTinyWeb Server1.26affected
RitlabsTinyWeb Server1.27affected
RitlabsTinyWeb Server1.28affected
RitlabsTinyWeb Server1.29affected
RitlabsTinyWeb Server1.30affected
RitlabsTinyWeb Server1.31affected
RitlabsTinyWeb Server1.32affected
RitlabsTinyWeb Server1.33affected
RitlabsTinyWeb Server1.34affected
RitlabsTinyWeb Server1.35affected
RitlabsTinyWeb Server1.36affected
RitlabsTinyWeb Server1.37affected
RitlabsTinyWeb Server1.38affected
RitlabsTinyWeb Server1.39affected
RitlabsTinyWeb Server1.40affected
RitlabsTinyWeb Server1.41affected
RitlabsTinyWeb Server1.42affected
RitlabsTinyWeb Server1.43affected
RitlabsTinyWeb Server1.44affected
RitlabsTinyWeb Server1.45affected
RitlabsTinyWeb Server1.46affected
RitlabsTinyWeb Server1.47affected
RitlabsTinyWeb Server1.48affected
RitlabsTinyWeb Server1.49affected
RitlabsTinyWeb Server1.50affected
RitlabsTinyWeb Server1.51affected
RitlabsTinyWeb Server1.52affected
RitlabsTinyWeb Server1.53affected
RitlabsTinyWeb Server1.54affected
RitlabsTinyWeb Server1.55affected
RitlabsTinyWeb Server1.56affected
RitlabsTinyWeb Server1.57affected
RitlabsTinyWeb Server1.58affected
RitlabsTinyWeb Server1.59affected
RitlabsTinyWeb Server1.60affected
RitlabsTinyWeb Server1.61affected
RitlabsTinyWeb Server1.62affected
RitlabsTinyWeb Server1.63affected
RitlabsTinyWeb Server1.64affected
RitlabsTinyWeb Server1.65affected
RitlabsTinyWeb Server1.66affected
RitlabsTinyWeb Server1.67affected
RitlabsTinyWeb Server1.68affected
RitlabsTinyWeb Server1.69affected
RitlabsTinyWeb Server1.70affected
RitlabsTinyWeb Server1.71affected
RitlabsTinyWeb Server1.72affected
RitlabsTinyWeb Server1.73affected
RitlabsTinyWeb Server1.74affected
RitlabsTinyWeb Server1.75affected
RitlabsTinyWeb Server1.76affected
RitlabsTinyWeb Server1.77affected
RitlabsTinyWeb Server1.78affected
RitlabsTinyWeb Server1.79affected
RitlabsTinyWeb Server1.80affected
RitlabsTinyWeb Server1.81affected
RitlabsTinyWeb Server1.82affected
RitlabsTinyWeb Server1.83affected
RitlabsTinyWeb Server1.84affected
RitlabsTinyWeb Server1.85affected
RitlabsTinyWeb Server1.86affected
RitlabsTinyWeb Server1.87affected
RitlabsTinyWeb Server1.88affected
RitlabsTinyWeb Server1.89affected
RitlabsTinyWeb Server1.90affected
RitlabsTinyWeb Server1.91affected
RitlabsTinyWeb Server1.92affected
RitlabsTinyWeb Server1.93affected
RitlabsTinyWeb Server1.94affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References