AttackFeed by Joe Wagner | [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability  - Full Disclosure

[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability  – Full Disclosure

Posted on By Joe-W No Comments on [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability  – Full Disclosure
Alert Feeds

 

Posted by cyber security on Apr 02

A vulnerability was identified in OWASP CRS where whitespace padding
in filenames can bypass file upload extension checks, allowing uploads
of dangerous files such as .php, .phar, .jsp, and .jspx. This issue
has been assigned CVE‑2026‑33691.

Impact: Attackers may evade CRS protections and upload web shells
disguised with whitespace‑padded extensions. Exploitation is most
practical on Windows backends that normalize whitespace in filenames…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)  – Full Disclosure
January 26, 2026
Alert Feeds
SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI  – Full Disclosure
April 3, 2026
Alert Feeds
Bioformats v8.3.0 Untrusted Deserialization of Bio-Formats Memoizer Cache Files  – Full Disclosure
January 6, 2026
Alert Feeds
APPLE-SA-02-11-2026-7 watchOS 26.3  – Full Disclosure
February 16, 2026

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.