Improper input validation in Bunkerity Bunkerweb

CVE-2026-54728

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-cont…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

Affected products

Weakness classification (CWE)

References