A vulnerability was found in mossdef-org luci-app-https-dns-proxy up to 2025.12.29-5 . It has been classified as critical . The affected element is the function setInitAction of the component RPC Call Handler . The manipulation of the argument Name leads to command injection. This vulnerability is uniquely identified as CVE-2026-46368 . The attack is possible to be carried out remotely. Moreover, an exploit is present.