14 matches found
CVE-2026-61718
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...
CVE-2026-54728
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a...
CVE-2026-54728 bunkerweb: Improper Input Validation and Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in BunkerWeb
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a...
CVE-2026-54728
CVE-2026-54728 affects bunkerweb: prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated handling of Host header input in the UI/API allowed a low-privileged authenticated user to escalate privileges and impact confidentiality, integrity, and availability of the BunkerWeb instance. The i...
CVE-2026-61718
Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...
CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...
BunkerWeb 输入验证错误漏洞
BunkerWeb is an open source web application firewall from Bunkerity Open Source. An input validation error vulnerability exists in BunkerWeb version 1.6.2, which stems from URL redirection to an untrusted site and could lead to phishing attacks...
GHSA-Q9RR-H3HX-M87G BunkerWeb has Open Redirect Vulnerability in Loading Page
Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...
BunkerWeb has Open Redirect Vulnerability in Loading Page
Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...
GO-2024-3294 Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb
Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb...
CVE-2024-53264
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...
CVE-2024-53264 Open Redirect Vulnerability in Loading Page in bunkerweb
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...
CVE-2024-53264 Open Redirect Vulnerability in Loading Page in bunkerweb
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated...
BunkerWeb 输入验证错误漏洞
BunkerWeb is an open source web application firewall from Bunkerity Open Source. An input validation error vulnerability exists in BunkerWeb version 1.5.11 and earlier, which stems from the presence of an open redirection vulnerability that allows an attacker to redirect an authenticated user to ...