CVE-2026-61718
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...