๐Ÿ” CVE Alert

CVE-2026-54728

UNKNOWN 0.0

bunkerweb: Improper Input Validation and Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in BunkerWeb

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a low-privileged authenticated user to escalate privileges and affect confidentiality, integrity, and availability of the BunkerWeb instance. This issue is fixed in BunkerWeb version 1.6.12 and BunkerWeb PRO version 0.57.

CWE CWE-20 CWE-74
Vendor bunkerity
Product bunkerweb
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for bunkerity bunkerweb

Be the first to know when new unknown vulnerabilities affecting bunkerity bunkerweb are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

bunkerity / bunkerweb
< 1.6.12

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-254j-92cv-m443 github.com: https://github.com/bunkerity/bunkerweb/commit/685ccbbe7d204132a843a7b7fd802d1bdb3f20a9 github.com: https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.12