Security bulletin

WAPT-2026-06 : CVE-2026-33591

  • Brief: authentication bypass on WaptServer

  • Announced: June 09, 2026

  • Impact: High

  • Products: WAPT Enterprise

  • Impacted versions: Wapt Entreprise

    • Wapt Entreprise / Discovery from 2.6.0.16767 up to 2.6.1.17787

  • Description: a vulnerability in Wapt Server before version 2.6.1.17813 allows a remote unauthenticated attacker to bypass security restriction using a specially crafted packet and retrive a valid session token for the targeted account

  • Reporter: Brian CHERVY, System Engineer from Antiane, Réunion Team, https://antiane.com

  • Published CVE: publication pending

WAPT-2021-01 : CVE-2021-38608

  • Brief: Insecure permission allows a user running as guest to escalate privileges.

  • Announced: August 13, 2021.

  • Impact: High.

  • Products: WAPT Enterprise & Community.

  • Impacted versions: WAPT Enterprise < 2.0.0.9450, WAPT Enterprise < 1.8.2.7373 and WAPT Community < 1.8.2.7373.

  • Description: Insecure permission allows guest OS users to escalate privileges via WAPT Agent.

  • Reporter: Anass ANNOUR from the ORM/ITT&AC Risk Assessment Team, BNPParibas.

  • Published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38608.