MEDIUM
Projectblack
CVE published 2026-05-09
CVE-2026-8209
CVE-2026-8209 is an authenticated path traversal issue in Gibbon versions before v30.0.01. According to the CVE record, a user with Teacher or higher privileges can trigger archive extraction against web application PHP files; if .zip extraction fails, a file can be deleted, leading to denial of service and loss of application availability. The referenced GibbonEdu v30.0.01 release is the fixed version.