CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28497

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can lead to unauthorized access, security filter bypass, and potential cache poisoning. The impact is critical for servers using persistent connections (Keep-Alive). This issue has been patched in version 2.03.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.9%

CVSS Severity

CVSS v3 Score 9.1

References

Products affected by CVE-2026-28497

Ritlabs » Tinyweb » Version: 0.5

cpe:2.3:a:ritlabs:tinyweb:0.5
Ritlabs » Tinyweb » Version: 0.6

cpe:2.3:a:ritlabs:tinyweb:0.6
Ritlabs » Tinyweb » Version: 0.7

cpe:2.3:a:ritlabs:tinyweb:0.7
Ritlabs » Tinyweb » Version: 0.9

cpe:2.3:a:ritlabs:tinyweb:0.9
Ritlabs » Tinyweb » Version: 1.0

cpe:2.3:a:ritlabs:tinyweb:1.0
Ritlabs » Tinyweb » Version: 1.3

cpe:2.3:a:ritlabs:tinyweb:1.3
Ritlabs » Tinyweb » Version: 1.4

cpe:2.3:a:ritlabs:tinyweb:1.4
Ritlabs » Tinyweb » Version: 1.5

cpe:2.3:a:ritlabs:tinyweb:1.5
Ritlabs » Tinyweb » Version: 1.6

cpe:2.3:a:ritlabs:tinyweb:1.6
Ritlabs » Tinyweb » Version: 1.8

cpe:2.3:a:ritlabs:tinyweb:1.8
Ritlabs » Tinyweb » Version: 1.9

cpe:2.3:a:ritlabs:tinyweb:1.9
Ritlabs » Tinyweb » Version: 1.94

cpe:2.3:a:ritlabs:tinyweb:1.94
Ritlabs » Tinyweb » Version: 1.95

cpe:2.3:a:ritlabs:tinyweb:1.95
Ritlabs » Tinyweb » Version: 1.96

cpe:2.3:a:ritlabs:tinyweb:1.96
Ritlabs » Tinyweb » Version: 1.97

cpe:2.3:a:ritlabs:tinyweb:1.97
Ritlabs » Tinyweb » Version: 1.98

cpe:2.3:a:ritlabs:tinyweb:1.98
Ritlabs » Tinyweb » Version: 1.99

cpe:2.3:a:ritlabs:tinyweb:1.99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28497

Products

Pricing

Contact Us