{"uuid": "bab627a3-371c-490d-88b9-230d0ebc8696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41248", "type": "seen", "source": "https://bsky.app/profile/hexmortem.com/post/3mkrt3po63422", "content": "CVE-2026-41248 \u2014 Clerk middleware bypass.\n\nMiddleware tests the raw URL; framework router decodes before dispatch. /api/%61dmin/users \u2192 middleware reads \"%61dmin\", PASS. Handler reads \"admin\", runs unauthenticated.\n\nAffected: @clerk/shared \u2264 3.47.3 (nextjs/nuxt/astro). Fixed b0b6675bad.", "creation_timestamp": "2026-05-01T09:32:45.015685Z"}