CVE-2026-27480: Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
A timing-based username enumeration vulnerability in Basic Authentication, caused by an early response on invalid usernames, could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks.
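The early-response pattern described above, next to a uniform-work variant, as an added illustration that is not the project's code or its actual fix. `BasicAuth`, `slow_hash`, `ct_eq` and the credentials are hypothetical, and `slow_hash` is a std-only stand-in for a real password hash such as bcrypt or Argon2.

```rust
use std::{cell::Cell, collections::hash_map::DefaultHasher, hash::{Hash, Hasher}};

/// Constructed single-user credential store; `kdf_calls` counts slow-hash runs.
pub struct BasicAuth { user: String, hash: u64, pub kdf_calls: Cell<u32> }

// Stand-in for bcrypt/Argon2 (assumption: std-only demo, NOT a real password hash).
fn slow_hash(password: &str) -> u64 {
    (0..50_000u64).fold(0u64, |acc, i| {
        let mut s = DefaultHasher::new();
        (acc, i, password).hash(&mut s);
        s.finish()
    })
}

// Compares every byte instead of stopping at the first mismatch (length is still revealed).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

impl BasicAuth {
    pub fn new(user: &str, password: &str) -> Self {
        BasicAuth { user: user.into(), hash: slow_hash(password), kdf_calls: Cell::new(0) }
    }
    fn verify(&self, password: &str) -> bool {
        self.kdf_calls.set(self.kdf_calls.get() + 1);
        ct_eq(&slow_hash(password).to_be_bytes(), &self.hash.to_be_bytes())
    }
    /// Early response: an unknown username returns before any hashing happens.
    pub fn check_early_return(&self, user: &str, password: &str) -> bool {
        if user != self.user { return false; }
        self.verify(password)
    }
    /// Uniform work: the slow hash runs on every request, then both results are combined.
    pub fn check_uniform(&self, user: &str, password: &str) -> bool {
        let user_ok = ct_eq(user.as_bytes(), self.user.as_bytes());
        let pass_ok = self.verify(password);
        user_ok & pass_ok
    }
}

fn main() {
    let auth = BasicAuth::new("admin", "correct horse");
    for user in ["admin", "nobody"] {
        auth.check_early_return(user, "guess");
        let early = auth.kdf_calls.replace(0);
        auth.check_uniform(user, "guess");
        println!("{}: early-return hashes={}, uniform hashes={}", user, early, auth.kdf_calls.replace(0));
    }
}
```

The hash-call counter makes the difference measurable without a stopwatch: the early-return path skips the expensive step for unknown usernames, which is what produces the observable response-time gap.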
References
- github.com/advisories/GHSA-qhp6-635j-x7r2
- github.com/static-web-server/static-web-server
- github.com/static-web-server/static-web-server/commit/7bf0fd425eb10dac9bf9ef5febce12c4dd039ce1
- github.com/static-web-server/static-web-server/security/advisories/GHSA-qhp6-635j-x7r2
- nvd.nist.gov/vuln/detail/CVE-2026-27480