CVE-2026-46368 | mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5 RPC Call setInitAction Name command injection (Exploit 52521 / EDB-52521)

A vulnerability was found in mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5. It has been classified as critical. The affected element is the function setInitAction of the component RPC Call Handler. The manipulation of the argument Name leads to command injection.

This vulnerability is uniquely identified as CVE-2026-46368. The attack is possible to be carried out remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More