Medium severityNVD Advisory· Published May 9, 2026· Updated May 12, 2026

CVE-2026-8209

Description

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/GibbonEdu/core/releases/tag/v30.0.01nvd
projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000