EEF-CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Summary Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via script\alias. When script\alias maps a URL prefix to a directory outside DocumentRoot, mod\auth evaluates directory-based access...