Hello, Debian Security Team
that is 15 days, the cve still not patched, https://nvd.nist.gov/vuln/detail/CVE-2026-33691 it is already **High** Officialy by NIST, and a metasploit evaison module, will be soon published and i will open a pr linked to the issue **https://github.com/rapid7/metasploit-framework/issues/21228** and PRs is open **https://github.com/MarkLee131/awesome-web-pocs/pull/1**, you left users vulnerable to attacks. Only unstable users benefit from the patch, latest users remaining fully vulnerable, Users are waiting for patches from Debian, and it still not patched Best Regards, RelunSec
