Vulnerabilities ›

CVE-2026-5638

Medium

CWE-22 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 9, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-5638 is a path traversal vulnerability in HerikLyma CPPWebFramework versions up to 3.1 that allows remote attackers to manipulate file paths and access unauthorized resources. The vulnerability has public exploits available and affects unknown processing components with no vendor response.

📄 Description (Arabic)

تؤثر هذه الثغرة على معالجة غير محددة في إطار عمل CPPWebFramework وتسمح للمهاجمين البعيدين بالتلاعب بمسارات الملفات للوصول إلى موارد غير مصرح بها. تتوفر استغلالات عامة للثغرة ولم يستجب المطورون لإشعارات الكشف المبكر.

🤖 ملخص تنفيذي (AI)

This path traversal vulnerability in CPPWebFramework up to version 3.1 enables remote exploitation through file path manipulation. Public exploits are available and the vendor has not yet responded to early disclosure notifications.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 03:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1083 T1190 T1566

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade HerikLyma CPPWebFramework to a version newer than 3.1 when available. Implement input validation and sanitization for all file path parameters. Deploy Web Application Firewall (WAF) rules to detect and block path traversal attempts. Restrict file system access permissions to minimum required levels. Monitor logs for suspicious path traversal patterns.

🔧 خطوات المعالجة (العربية)

قم بترقية إطار عمل HerikLyma CPPWebFramework إلى إصدار أحدث من 3.1 عند توفره فوراً. طبق التحقق من صحة المدخلات وتنظيفها لجميع معاملات مسارات الملفات. نشر قواعد جدار حماية تطبيقات الويب لكشف ومنع محاولات اجتياز المسار. قيد أذونات الوصول لنظام الملفات للحد الأدنى المطلوب. راقب السجلات للكشف عن أنماط اجتياز مسار مريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.2.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.6.1.1 A.13.1.1 A.13.1.3 A.14.1.1

🔗 References & Sources 6

🔗

https://github.com/HerikLyma/CPPWebFramework/

cna@vuldb.com

🔗

https://github.com/HerikLyma/CPPWebFramework/issues/40

cna@vuldb.com

🔗

https://github.com/HerikLyma/CPPWebFramework/issues/40#issue-4118436068

cna@vuldb.com

🔗

https://vuldb.com/submit/785952

cna@vuldb.com

🔗

https://vuldb.com/vuln/355426

cna@vuldb.com

🔗

https://vuldb.com/vuln/355426/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-22

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5638

💬 Comments

Introduce Yourself

Sign In Required