Threatpost: 06/7/22
“CVE-2022-26134 is about as bad as it gets,” observed Naveen Sunkavalley, chief architect of security firm Horizon3.ai, in an email to Threatpost. Key issues are that the vulnerability is quite easy both to find and exploit, with the latter possible using a single HTTP GET request, he said.