{"uuid": "567d1fbc-9301-45d8-a3d5-db481e34ca5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44666", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116575648891629346", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-44666 in zelon88 HRConvert2 (< 3.3.8) enables OS command injection via unsafe sanitizeString() handling of backtick & tab chars. Patch to 3.3.8 ASAP. Impact: full server compromise possible. Details: https://radar.offseq.com/threat/cve-2026-44666-cwe-78-improper-neutralization-of-s-fac9c425 #OffSeq #Vuln #Infosec", "creation_timestamp": "2026-05-15T00:00:58.285191Z"}