MEDIUM
bunkerity
CVE published 2026-07-16
CVE-2026-61718
The BunkerWeb web UI BiscuitMiddleware authorization bypass vulnerability allowed low-privilege reader accounts to permanently delete job cache files containing sensitive configuration data. This issue was fixed in version 1.6.12. The vulnerability affects BunkerWeb versions 1.6.2 through 1.6.11. The vulnerability was reported by a security researcher and fixed by the vendor. The CVE record was published [truncated]