This tweet mentions a CVE-2021-44228 which has a CVSS score of 9.8, indicating a critical vulnerability. The tweet suggests that this may have been a simple WAF bypass rather than an RCE. More information is needed to determine the specifics of the bypass. Stay tuned for updates.
Original tweet: https://twitter.com/irsdl/status/1773875547149328625