.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)        : ******************** with overline
  Sections (H3)        : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)      : """""""""""""""""""""

.. meta::
  :description: Security bulletin
  :keywords: WAPT, security, CVE, MITRE, CERT-FR, vulnerability, disclosure

#################
Security bulletin
#################

.. _CVE-2026-33591:

*****************************
WAPT-2026-06 : CVE-2026-33591
*****************************

* Brief: authentication bypass on WaptServer

* Announced: June 09, 2026

* Impact: **High**

* Products: WAPT Enterprise

* Impacted versions: Wapt Entreprise 

  * Wapt Entreprise / Discovery from 2.6.0.16767 up to 2.6.1.17787

* Description: a vulnerability in Wapt Server before version 2.6.1.17813 allows a remote unauthenticated attacker to bypass security restriction 
  using a specially crafted packet and retrive a valid session token for the targeted account

* Reporter: Brian CHERVY, System Engineer from Antiane, Réunion Team, https://antiane.com

* Published CVE: publication pending 


.. _CVE-2021-38608:

*****************************
WAPT-2021-01 : CVE-2021-38608
*****************************

* Brief: Insecure permission allows a user running as guest to escalate privileges.

* Announced: August 13, 2021.

* Impact: **High**.

* Products: WAPT Enterprise & Community.

* Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373
  and WAPT Community < 1.8.2.7373.

* Description: Insecure permission allows guest OS users to escalate
  privileges via WAPT Agent.

* Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas.

* Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.
