Over 50% of 90,310 hosts are exposing an unpatched security flaw in their Tinyproxy service. Identified as CVE-2023-49606, the flaw allows an attacker to trigger memory corruption and potentially achieve remote code execution. As per Censys, around 57% of these hosts run a vulnerable version of Tinyproxy, primarily in the US, South Korea, China, France, and Germany. Users are advised to update and avoid exposing the Tinyproxy service to the public internet.