CVE-2026-54728
bunkerweb: Improper Input Validation and Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in BunkerWeb
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a low-privileged authenticated user to escalate privileges and affect confidentiality, integrity, and availability of the BunkerWeb instance. This issue is fixed in BunkerWeb version 1.6.12 and BunkerWeb PRO version 0.57.
| CWE | CWE-20 CWE-74 |
| Vendor | bunkerity |
| Product | bunkerweb |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for bunkerity bunkerweb
Be the first to know when new unknown vulnerabilities affecting bunkerity bunkerweb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
bunkerity / bunkerweb
< 1.6.12