PatchSiren cyber security CVE debrief
CVE-2026-12200 Ritlabs CVE debrief
A stack-based buffer overflow vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. The vulnerability impacts an unknown function in the library libeay32.dll of the Header Handler component. The manipulation of the argument Authorization leads to the vulnerability. The attack can be initiated remotely and has been disclosed publicly.
- Vendor: Ritlabs
- Product: TinyWeb Server
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Ritlabs TinyWeb Server up to 1.94 on Win32 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity. It is related to CWE-119 and CWE-121. The vulnerability allows for remote exploitation and has been publicly disclosed.
Defensive priority
MEDIUM
Recommended defensive actions
- Patch or update Ritlabs TinyWeb Server to version 1.95 or later.
- Restrict access to the affected component or disable it if not required.
- Monitor for suspicious activity and implement additional security measures to detect and prevent exploitation.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2026-12200 was published and modified on 2026-06-15T01:16:24.667Z.