Bitrix24 broken access control enabling RCE via the REST API, widely exploited by Russian threat actors against organizations in the CIS region. Update Bitrix24 to the latest version. Restrict REST API access to authenticated internal users only.
Broken access control in Bitrix24 CMS allows remote attackers to modify content and execute code when the REST API is exposed.