CVE-2026-46368 | mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5 RPC Call setInitAction Name command injection (Exploit 52521 / EDB-52521)

Inserito da Angelo Barbosa | Mag 26, 2026 | CVE

A vulnerability was found in mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5. It has been classified as critical. The affected element is the function setInitAction of the component RPC Call Handler. The manipulation of the argument Name leads to command injection.

This vulnerability is uniquely identified as CVE-2026-46368. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-46368 | mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5 RPC Call setInitAction Name command injection (Exploit 52521 / EDB-52521)

Post correlati

CVE-2025-58246 | Automattic Plugin up to 6.8.2 on WordPress insertion of sensitive information into sent data

CVE-2024-53131 | Linux Kernel up to 6.1.118/6.6.62/6.11.9 nilfs2 touch_buffer null pointer dereference

CVE-2024-5915 | Palo Alto GlobalProtect App prior 6.1.5/6.2.4/6.3.1 on Windows permission assignment

CVE-2025-65892 | krpano up to 1.23.1 URL passQueryParameters xml cross site scripting