PatchSiren

bunkerity CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM bunkerity CVE published 2026-07-16

CVE-2026-61718

The BunkerWeb web UI BiscuitMiddleware authorization bypass vulnerability allowed low-privilege reader accounts to permanently delete job cache files containing sensitive configuration data. This issue was fixed in version 1.6.12. The vulnerability affects BunkerWeb versions 1.6.2 through 1.6.11. The vulnerability was reported by a security researcher and fixed by the vendor. The CVE record was published [truncated]