{"uuid": "20942a68-8204-4966-becc-da6028e8f1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116923900456799491", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:35.487574Z"}