9.3
TinyWeb Web Server: Integer Overflow Allows Unauthorized Access
CVE-2026-28497
Summary
Prior to version 2.03, the TinyWeb web server has an integer overflow flaw that could allow an unauthenticated remote attacker to gain unauthorized access. The risk is highest when the server uses persistent connections (Keep-Alive), a feature still common in many web servers. Update to version 2.03 or later to fix this issue.
Original title
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthentica...
Original description
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can lead to unauthorized access, security filter bypass, and potential cache poisoning. The impact is critical for servers using persistent connections (Keep-Alive). This issue has been patched in version 2.03.
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-190: Integer Overflow
CWE-444
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026