Improper input validation in Bunkerity Bunkerweb
CVE-2026-54728
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-cont…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Bunkerity Bunkerweb — versions < 1.6.12
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)