CVE-2026-61718 in bunkerweb정보

요약

\~에 의해 MITRE • 2026. 07. 16.

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @login_required, including POST /cache/delete, allowed low-privilege read-only reader accounts to permanently delete job cache files containing blacklist, greylist, DNSBL, CrowdSec, GeoIP, ModSecurity CRS, Let's Encrypt, ACME, and custom configuration data. This issue is fixed in version 1.6.12.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

책임이 있는

GitHub M

예약하다

2026. 07. 10.

모더레이션

수락

항목

VDB-379627

EPSS

0.00000

활동

낮음

출처

Do you know our Splunk app?

Download it now for free!