Fix for CVE-2026-8037

Fixed a command injection Remote Code Execution (RCE) vulnerability in the cipher set UI and API command; these have been updated to prevent unintended execution of remote commands. Refer to the CVE details for more information.

Fix for CVE-2026-33691

Fixed an issue with the OWASP Core Rule Set where it failed to normalize whitespaces in filenames before applying the extension‑checking regular expression

Refer to the CVE details for more information.