{"uuid": "0eb7f805-a6ad-4e05-a90e-01016b40ba68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqoolhshzv2b", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:15.651929Z"}