Security bulletin

WAPT-2026-06 : CVE-2026-xxxxx

• Brief: authentication bypass on WaptServer

• Announced: June 09, 2026.

• Impact: High.

• Products: WAPT Enterprise

• Impacted versions: WAPT Enterprise from 2.6.0.16767 up to 2.6.1.17787

• Description: authentication bypass on WaptServer

• Reporter: Brian CHERVY from Antiane Réunion branch https://antiane.com

• Published CVE: not yet assigned

WAPT-2021-01 : CVE-2021-38608

• Brief: Insecure permission allows a user running as guest to escalate privileges.

• Announced: August 13, 2021.

• Impact: High.

• Products: WAPT Enterprise & Community.

• Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373 and WAPT Community < 1.8.2.7373.

• Description: Insecure permission allows guest OS users to escalate privileges via WAPT Agent.

• Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas.

• Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.