[CRITICAL]: bunkerweb still use v3.3.8 and v4.24.0

[HackingRepo]

Why?

Those versions are vulnerable to CVE-2026-33691, It have been patched on v4.25.0 LTS and v3.3.9 and bunkerweb waf still use them making it vulnerable.

Action

Upgrade the bundled CRS immediately @TheophileDiot @fl0ppy-d1sk and release a new version for bunkerweb waf, for resolve the CVE

[TheophileDiot]

Hi @HackingRepo, thank you for reporting this, we'll update them for the next release.