{"vulnerability": "CVE-2026-44666", "sightings": [{"uuid": "128c4fa2-bf21-4dac-a6e7-9896c0babbc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44666", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu7lyx2bd2h", "content": "CVE-2026-44666 - HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution\nCVE ID : CVE-2026-44666\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion s...", "creation_timestamp": "2026-05-15T01:47:07.602522Z"}, {"uuid": "533cd363-4163-4144-8cf1-aeec1d2c1ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44666", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mltznm4m4d2f", "content": "CRITICAL: OS command injection in zelon88 HRConvert2 < 3.3.8 lets attackers run arbitrary OS commands. Upgrade to 3.3.8 ASAP to secure your systems! https://radar.offseq.com/threat/cve-2026-44666-cwe-78-improper-neutralization-of-s-fac9c425 #OffSeq #Vulnerability #SecurityAlert", "creation_timestamp": "2026-05-15T00:00:39.172344Z"}, {"uuid": "567d1fbc-9301-45d8-a3d5-db481e34ca5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44666", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116575648891629346", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-44666 in zelon88 HRConvert2 (< 3.3.8) enables OS command injection via unsafe sanitizeString() handling of backtick & tab chars. Patch to 3.3.8 ASAP. Impact: full server compromise possible. Details: https://radar.offseq.com/threat/cve-2026-44666-cwe-78-improper-neutralization-of-s-fac9c425 #OffSeq #Vuln #Infosec", "creation_timestamp": "2026-05-15T00:00:58.285191Z"}]}