{"uuid": "e7f74639-711d-4edd-97b1-bf64df0adc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28318", "type": "seen", "source": "https://bsky.app/profile/todb2.hugesuccess.org/post/3mnks2yssm6q2", "content": "w/r/t CVE-2026-28318 - I kinda like the mitigation guidance of \"well just block HTTP clients from sending `Content-encoding: deflate` on POSTs and you're good. Which sounded crazy to me, but is it?\n\nI know POSTs can be compressed, but I'd expect clients to use `gzip` pretty much exclusively. The [\u2026]", "creation_timestamp": "2026-06-05T18:42:19.552052Z"}