CVE-2026-8209

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

CWE	CWE-23
Vendor	gibbonedu
Product	gibbon
Published	May 9, 2026

Stay Ahead of the Next One

Get instant alerts for gibbonedu gibbon

Be the first to know when new unknown vulnerabilities affecting gibbonedu gibbon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

gibbonedu / gibbon

0 < 30.0.01

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/GibbonEdu/core/releases/tag/v30.0.01 projectblack.io: https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#denial-of-service-via-path-traversal