{"vulnerability": "CVE-2026-40478", "sightings": [{"uuid": "4cbfc5bf-0d7d-484b-b34c-116ab8e4d880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "published-proof-of-concept", "source": "Telegram/tNtN6ajST1i0h_Z4W2szdcVpxF1Em9wIkkVyc-W9Ntpka1A", "content": "", "creation_timestamp": "2026-04-17T23:20:34.000000Z"}, {"uuid": "878b6eac-2386-419c-bc0e-fc592df58d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjq4jah7bm26", "content": "", "creation_timestamp": "2026-04-17T23:50:51.624485Z"}, {"uuid": "3cce2cdc-6387-4d36-9ab2-0e434ecd63c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkeoktpjsf2p", "content": "", "creation_timestamp": "2026-04-26T04:07:08.249705Z"}, {"uuid": "bd55fe42-a878-44d4-a505-863439b0967c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkoildefdb2g", "content": "The latest update for #Snyk includes \"'A Mini Shai-Hulud Has Appeared': Bun-Based Stealer Hits #SAP @cap-js and mbt npm Packages\" and \"Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)\".\n \n#CyberSecurity #DevOps #OpenSource https://opsmtrs.com/3yzKsZo", "creation_timestamp": "2026-04-30T01:46:38.614063Z"}, {"uuid": "4b9e9881-5eb9-4c76-9fb3-47d697340d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "seen", "source": "https://bsky.app/profile/brianvermeer.nl/post/3mknezhgwys25", "content": "A high CVSS score does not always mean \"all hands on deck.\" It is wiser to assess the situation first before rushing into stress mode. For example, examine CVE-2026-40478 in Thymeleaf.\n\nsnyk.io/blog/thymele...", "creation_timestamp": "2026-04-29T15:10:23.346735Z"}, {"uuid": "a1c1da05-1389-4cb8-beb1-b377e9d26dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40478", "type": "seen", "source": "https://bsky.app/profile/foojay.io/post/3mm4iszh7u224", "content": "New post from @brianvermeer.nl on Foojay: A practical look at the Thymeleaf template injection vulnerability (CVE-2026-40478) and why understanding the context matters more than the panic.\n\nfoojay.io/today/dont-p...\n\n#Java #Security #Thymeleaf", "creation_timestamp": "2026-05-18T08:53:27.990287Z"}]}