CVE-2026-41931— Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41931
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error caused by a missing namespace import, which exposes the absolute server file path, internal class namespaces, line numbers, and source code excerpts through the debug exception handler rendered to unauthenticated requests.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的默认资源初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vvveb 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vvveb是Givan个人开发者的一个强大且易于使用的CMS,用于构建网站、博客或电子商务商店。 Vvveb 1.0.8.2之前版本存在安全漏洞,该漏洞源于密码重置模块中未处理异常导致信息泄露,可能导致未认证攻击者获取绝对服务器路径、内部类命名空间、行号和源代码片段。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41931
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41931
请登录查看更多情报信息。
- Release Vvveb 1.0.8.2 · givanz/Vvveb · GitHubrelease-notes
- https://nvd.nist.gov/vuln/detail/CVE-2026-41931
Same Patch Batch · givanz · 2026-05-06 · 5 CVEs total
| CVE-2026-41930 | 9.8 CRITICAL | Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin |
| CVE-2026-41938 | 8.8 HIGH | Vvveb < 1.0.8.2 RCE via Media Upload Handler |
| CVE-2026-41934 | 8.8 HIGH | Vvveb < 1.0.8.2 Authenticated RCE via Code Editor |
| CVE-2026-41936 | 8.1 HIGH | Vvveb < 1.0.8.2 XML External Entity Injection via Import |
IV. Related Vulnerabilities
Same product: Vvveb
- CVE-2026-41937
Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Uplo - CVE-2026-41935
Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service - CVE-2026-41933
Vvveb < 1.0.8.3 Directory Listing Information Disclosure - CVE-2026-41932
Vvveb < 1.0.8.3 Stored XSS via Signup Controller - CVE-2026-41928
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Same vendor: givanz
- CVE-2026-41937
Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Uplo - CVE-2026-41935
Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service - CVE-2026-41933
Vvveb < 1.0.8.3 Directory Listing Information Disclosure - CVE-2026-41932
Vvveb < 1.0.8.3 Stored XSS via Signup Controller - CVE-2026-41928
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
Same weakness: CWE-1188
- CVE-2026-30805
Insecure Default Initialization in API Authentication leads - CVE-2026-6866
Initialization of a Resource with an Insecure Default vulner - CVE-2026-27662
Siemens SIMATIC HMI Comfort Panels 安全漏洞 - CVE-2026-44109
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webho - CVE-2026-43581
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via
V. Comments for CVE-2026-41931
No comments yet