
What you need to know today.
Critical SSRF in osTicket, RCE in Coturn, and ModSecurity bypasses lead today's security brief.
Multiple vulnerabilities have been disclosed across various software, with a critical SSRF in osTicket (CVE-2020-24881) allowing server compromise. Coturn, a TURN server, faces critical flaws including arbitrary code execution via SQL injection (CVE-2026-53448) and local service exposure (CVE-2026-53450). Additionally, ModSecurity, a web application firewall, has vulnerabilities (CVE-2026-52747, CVE-2026-52761) that could allow rule bypass.