A newly disclosed flaw exposes internet-facing MajorDoMo servers to unauthenticated remote code execution via a broken authentication flow and unsafe dynamic PHP evaluation. The vulnerability (CVE-2026-27174) stems from the /admin.php request flow, where improper handling of unauthorized access allows execution to continue even after a redirect, effectively bypassing access controls. That continued execution exposes an […]
The post New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution Attacks appeared first on Cyber Security News.