{"vulnerability": "CVE-2026-1331", "sightings": [{"uuid": "f1226288-ed70-4bf9-89e9-2f2d436916c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-1331", "type": "seen", "source": "https://www.twcert.org.tw/en/cp-139-10651-ff09c-2.html", "content": "", "creation_timestamp": "2026-01-22T08:07:00.000000Z"}, {"uuid": "b12e86b7-aaab-4307-bd4d-69d08f4f4fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1331", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mcyvb7w2x72o", "content": "", "creation_timestamp": "2026-01-22T09:38:43.025848Z"}, {"uuid": "97c127c9-17ba-4ba1-8f21-83ed259a446b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-13311", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp3qussy5o2f", "content": "ljharb shell-quote <=1.8.4 has a HIGH severity flaw (CVE-2026-13311): attackers can block Node.js with crafted input, causing DoS. Upgrade to 1.8.5+ to mitigate. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-13311-cwe-407-inefficient-algorithmic-com-ed9f913ba365deea #OffSeq #NodeJS #Vulnerability", "creation_timestamp": "2026-06-25T06:00:31.047972Z"}, {"uuid": "34d1d924-6819-4c29-b23a-6e6ca02d866f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-13311", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116809218637128816", "content": "ljharb shell-quote <=1.8.4 is impacted by CVE-2026-13311 (HIGH). Inefficient parsing can let attackers trigger DoS by blocking the Node.js event loop. Patch to 1.8.5+ now! \ud83d\udee1\ufe0f https://radar.offseq.com/threat/cve-2026-13311-cwe-407-inefficient-algorithmic-com-ed9f913ba365deea #OffSeq #InfoSec #NodeJS #CVE202613311", "creation_timestamp": "2026-06-25T06:00:36.689490Z"}, {"uuid": "0853e8a6-adc9-4343-a942-7423cd5e961b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-13311", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3tfu46xc26", "content": "CVE-2026-13311 - shell-quote parse() is quadratic in token count, enabling denial of service\nCVE ID : CVE-2026-13311\n \n Published : June 25, 2026, 4:48 a.m. | 56\u00a0minutes ago\n \n Description : shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.co...", "creation_timestamp": "2026-06-25T06:45:49.251017Z"}]}