CVE-2026-61718
Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...