CVE-2026-33691 OWASP <3.3.9
Hi,
CVE-2026-33691
OWASP CRS
Affected versions: < 4.25.0, < 3.3.9
Patched versions: 4.25.0, 3.3.9
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
Has cPanel planned the transition from OWASP 3.3.x to 4.25.0 (LTS)?
https://coreruleset.org/20260330/migrating-crs-3-to-4-part-1-overview/
-
Hi,
It looks like our security team is aware of the vulnerability and has created an internal case, SEC-71679, to work on a patch. Although I cannot offer an ETA on the resolution, the case ID should be mentioned in our changelogs once a fix is released:
https://docs.cpanel.net/changelogs/
At this time, we do not have an announced migration plan from the OWASP CRS 3.3.x branch to the 4.x (LTS) series, but this vulnerability is actively being reviewed by our security team.
Thanks :)