CVE-2026-8209
Received Received - Intake
Path Traversal in Gibbon LMS Before v30.0.01

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

Description
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-09
Generated
2026-06-19
AI Q&A
2026-05-09
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8209
EUVD
EUVD-2026-28899
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gibbon core to 30.0.01 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability results in a denial of service (DoS) condition by causing loss of availability of the web application when exploited. Since availability is a key aspect of many compliance standards such as GDPR and HIPAA, this vulnerability could negatively impact compliance by disrupting access to the application and potentially affecting the availability of sensitive data or services.

However, the provided information does not explicitly discuss the impact on compliance with specific standards or regulations.

Detection Guidance

Detection of this vulnerability involves monitoring for attempts to exploit path traversal or ZIP extraction features in the Gibbon web application, especially by users with Teacher or higher privileges.

Since exploitation involves uploading ZIP files containing PHP files and triggering extraction failures that cause denial of service, you can look for unusual .zip file upload attempts or failed extraction logs.

Commands to detect such activity might include:

  • Checking web server logs for POST requests to ZIP upload endpoints, e.g., using grep:
  • grep -i 'POST' /var/log/apache2/access.log | grep '.zip'
  • Monitoring application logs for errors related to ZIP extraction failures or file deletions.
  • Using file integrity monitoring to detect unexpected deletions of PHP files in the web application directory.
  • Reviewing user activity logs for Teacher or higher privilege accounts performing suspicious file upload or extraction actions.
Mitigation Strategies

The primary mitigation step is to upgrade Gibbon to version 30.0.01 or later, where this vulnerability has been addressed.

Until the upgrade can be applied, restrict or monitor users with Teacher or higher privileges from uploading ZIP files or performing actions that trigger ZIP extraction.

Additionally, consider implementing strict input validation and file upload restrictions to prevent malicious ZIP files from being processed.

Monitoring and alerting on failed ZIP extraction attempts and unexpected file deletions can help detect exploitation attempts early.

Executive Summary

This vulnerability affects Gibbon versions before v30.0.01 and is a path traversal issue that can lead to a denial of service (DOS). It occurs when an attacker with Teacher or higher privileges attempts to extract web application PHP files using a .zip file. If the extraction fails, the .zip file is deleted, causing a DOS condition by making the web application unavailable.

Impact Analysis

Exploitation of this vulnerability can result in loss of availability of the web application, causing a denial of service (DOS). This means users may be unable to access the application, disrupting normal operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8209. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart