{"vulnerability": "CVE-2026-4670", "sightings": [{"uuid": "02160490-9a82-4566-a9b3-9cbaf370b24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-410", "content": "", "creation_timestamp": "2026-04-30T12:52:32.000000Z"}, {"uuid": "85a2900f-a15e-41c0-a06c-ec6612b0507f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkpzzf5hzb2c", "content": "CVE-2026-4670 - Improper Authentication vulnerability in Progress MOVEit Automation\nCVE ID : CVE-2026-4670\n \n Published : April 30, 2026, 3:06 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Aut...", "creation_timestamp": "2026-04-30T16:31:23.972829Z"}, {"uuid": "9b019eb5-2d50-46ba-a614-e65956603484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkq4j2nufc2e", "content": "CVE-2026-4670 - Improper Authentication vulnerability in Progress MOVEit Automation\nCVE ID : CVE-2026-4670\n \n Published : April 30, 2026, 3:06 p.m. 
| 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Aut...", "creation_timestamp": "2026-04-30T17:15:56.847082Z"}, {"uuid": "795fb703-494c-448e-95e5-f659103143ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkq5rkrm6f2n", "content": "\ud83d\udd34 CVE-2026-4670 - Critical (9.8)\n\nAuthentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation al...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4670/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-04-30T17:38:37.169210Z"}, {"uuid": "bcfd1045-4dcb-4190-9af3-65b399d86eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3mkrfww5nis2y", "content": "MOVEit Automation Critical Security Alert Bulletin \u2013 April 2026 \u2013\n(CVE-2026-4670, CVE-2026-5174)\nURL: community.progress.com/s/article/MO...\nClassification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8", "creation_timestamp": "2026-05-01T05:37:25.581159Z"}, {"uuid": "aed3ac92-9d81-48f8-ba8d-e5562ff7b634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4670", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkqt4re3442p", "content": "\ud83d\udea8 CRITICAL auth bypass in MOVEit Automation (CVSS 9.8). Affected: 2025.0.0 &lt; 2025.0.9, 2024.0.0 &lt; 2024.1.8, prior. Patch status unknown \u2014 restrict exposure &amp; monitor advisories. 
https://radar.offseq.com/threat/cve-2026-4670-cwe-305-authentication-bypass-by-pri-dff96cb4 #OffSeq #MOVEit #CVE20264670", "creation_timestamp": "2026-05-01T00:00:41.664958Z"}, {"uuid": "bba735d4-4e1f-44a8-aba9-df97ae3fe9e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mkrwxlse6v26", "content": "Critical &amp; high vulns in MOVEit Automation enable auth bypass + priv esc via backend command ports.\n\nCVE-2026-4670\nCVE-2026-5174\n\nMOVEit has been targeted by ransomware groups in the past in mass e\u2026\n\n\ud83d\udd01 RT @ethicalhack3r | reposted by @HackingLZ\nhttps://x.com/ethicalhack3r/status/2050158082911519113", "creation_timestamp": "2026-05-01T10:42:02.089687Z"}, {"uuid": "9ad56dd2-2ca3-4a46-84c5-8f0bec4fe37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4670", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116496376678191120", "content": "\ud83d\udea8 CVE-2026-4670 (CVSS 9.8): CRITICAL auth bypass in MOVEit Automation (2025.0.0 &lt; 2025.0.9, 2024.0.0 &lt; 2024.1.8, prior). Patch pending \u2014 restrict access &amp; monitor advisories. No known in-the-wild exploits. 
https://radar.offseq.com/threat/cve-2026-4670-cwe-305-authentication-bypass-by-pri-dff96cb4 #OffSeq #MOVEit #CVE20264670", "creation_timestamp": "2026-05-01T00:01:08.454906Z"}, {"uuid": "e66415b2-4758-4702-9b35-c2ea389a0876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116557691694620676", "content": "\ud83d\udcf0 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)\n\ud83d\udea8 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-05-11T19:53:54.363980Z"}, {"uuid": "ae5fc6d2-0fe6-417b-b74e-2aa95ddd5327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mkzwrwomoc2j", "content": "Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)\n\n\ud83d\udcd6 Read more:\nwww.helpnetsecurity.com/2026/05/04/c...\n\n#CyberSecurity #CyberSecurityNews #CVE", "creation_timestamp": "2026-05-04T15:00:21.599495Z"}, {"uuid": "8d2fa667-d6f7-44a4-9727-752e6d7270c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkzxn6pjmw2d", "content": "Progress Software alerts on critical MOVEit Automation auth bypass (CVE-2026-4670) affecting versions before 2025.1.5, enabling remote unauthenticated attacks. 
Over 1,400 instances found, including US gov systems. #MOVEitFlaw #AuthBypass #USA", "creation_timestamp": "2026-05-04T15:15:24.635430Z"}, {"uuid": "806ab10e-f3f5-4289-bba8-3d1f3f8e3f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-authentication-bypass-moveit-automation-cve-2026-4670-patch-immediately", "content": "", "creation_timestamp": "2026-05-04T08:08:49.000000Z"}, {"uuid": "84154582-4df3-45eb-92a4-1da4b67162fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3ml27bvuujh2b", "content": "Progress Software issued a critical alert regarding two severe vulnerabilities in its MOVEit Automation platform, allowing authentication bypass and privilege escalation. 
CVE-2026-4670 enables unauthenticated access, while CVE-2026-5174 allows attackers to gain administrative rights.", "creation_timestamp": "2026-05-04T17:32:16.654534Z"}, {"uuid": "94c86e66-9b84-421f-a035-365584e9d64e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3ml4fuifrss2e", "content": "\ud83d\udd17 CVE : CVE-2026-4670, CVE-2026-4670, CVE-2026-5174", "creation_timestamp": "2026-05-05T14:35:23.630829Z"}, {"uuid": "5da00cd8-ea13-4cc6-af75-3aa2f62389e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml4jro6tix2d", "content": "Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. 
#LinuxSecurity #DataCenter #USA", "creation_timestamp": "2026-05-05T15:45:21.585341Z"}, {"uuid": "d0e17ea0-bcf3-409f-9bb8-d34c9a73dee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/groovysecurity.bsky.social/post/3ml4j7gaprw2q", "content": "MOVEit Automation patched yesterday \u2014 CVE-2026-4670 + CVE-2026-5174, pre-auth chain to admin.\n\nTwo months back, cPanel CVE-2026-41940: 40K servers exploited from Feb 23, patch April 30.\n\nA version banner says \"remediated.\" Whether the exploit still runs on your config is a different question.", "creation_timestamp": "2026-05-05T15:35:09.932100Z"}, {"uuid": "8cf25fa1-caa6-463f-a594-2c3eabb447f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4mf5zt5d25", "content": "Critical vulnerabilities in MOVEit Automation (CVE-2026-4670 &amp; CVE-2026-5174) demand immediate patching to prevent unauthorized access and privilege escalation. #CyberSecurity #DataProtection #MOVEit Link: thedailytechfeed.com/critical-mov...", "creation_timestamp": "2026-05-05T16:32:03.794576Z"}, {"uuid": "23e2dfdb-5748-400c-bcde-88ba1e270920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0133", "content": "Progress has fixed vulnerabilities in MOVEit Automation. The vulnerability identified as CVE-2026-4670 is an authentication bypass in MOVEit Automation. A malicious actor without privileges can exploit this vulnerability without any user interaction being required. 
\n\nThe second vulnerability, identified as CVE-2026-5174, is an improper input validation in Progress Software MOVEit Automation and allows privilege escalation.\n\nThese vulnerabilities are present in versions 2025.0.0 up to but not including 2025.0.9, versions 2024.0.0 up to but not including 2024.1.8, and all versions before 2024.0.0.", "creation_timestamp": "2026-05-06T07:18:44.000000Z"}, {"uuid": "3e16be5a-9b85-4c52-be73-84a6c702c1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3ml7pk2w5i32s", "content": "CVE-2026-4670 (CVSS 9.8) MOVEit Automation Authentication Bypass\n\nAuth bypass in MOVEit Automation: potential admin access and data exposure.\n\nNo exploitation yet, but impact could be significant if workfl\u2026\n\n\ud83d\udd01 RT @censysio | reposted by @silascutler\nhttps://x.com/censysio/status/2051677821429334419", "creation_timestamp": "2026-05-06T22:06:28.354196Z"}, {"uuid": "5ebe651b-cc2a-4206-9fd9-b22f8c572022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://www.cert.se/2026/05/cert-se-veckobrev-v19.html", "content": "", "creation_timestamp": "2026-05-08T06:10:00.000000Z"}, {"uuid": "d3023495-2459-4196-b9f5-4dd1a0c904ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3ml2elkgw7f2p", "content": "\ud83d\udccc CVE-2026-4670 - Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.\n\nThis issue affects MOVEi... 
https://www.cyberhub.blog/cves/CVE-2026-4670", "creation_timestamp": "2026-05-04T19:07:07.988222Z"}, {"uuid": "2997a028-8042-4202-9ec5-6b7975f2eba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml2f27kjle2s", "content": "Progress patches critical MOVEit Automation flaws CVE-2026-4670 (auth bypass, CVSS 9.8) and CVE-2026-5174 (input validation, CVSS 7.7) allowing unauthorized admin access. Fixes released for versions &lt;=2025.1.4. #MOVEit #Airbus #Vulnerability", "creation_timestamp": "2026-05-04T19:15:20.678919Z"}, {"uuid": "c65fa793-64f7-41d9-9890-02421db6224d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3ml2f5ehni52s", "content": "Progress's MOVEit Automation has a new critical authentication bypass (CVE-2026-4670) allowing unauthenticated admin access. 
This isn't just another patch; it's a recurring pattern threatening sensitive data across supply\u2026\n\nhttps://www.tpp.blog/qsb4rda\n\n#cybersecurity #progress #moveitautomation", "creation_timestamp": "2026-05-04T19:17:05.887495Z"}, {"uuid": "298ed445-1fd5-4761-8269-54a059bd30ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ml2pf3ek4p52", "content": "MOVEit automation flaws could enable full system compromise Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access...\n\n#Breaking #News #Security #CVE-2026-4670 #CVE-2026-5174 #Hacking #hacking #news #information [\u2026]", "creation_timestamp": "2026-05-04T22:20:49.769029Z"}, {"uuid": "dac80a83-8213-4bca-af9b-04271a667282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ml5xk5vwpq2w", "content": "Critical 98 MOVEit Automation Flaw Opens Enterprise File Transfer Systems to Unauthenticated Takeover +\u00a0Video\n\nIntroduction: A critical authentication bypass vulnerability (CVE-2026-4670, CVSS 9.8) and a high-severity privilege escalation flaw (CVE-2026-5174, CVSS 7.7) have been disclosed in\u2026", "creation_timestamp": "2026-05-06T05:24:22.041334Z"}, {"uuid": "66e7a3a4-0f7c-4153-8fb6-1e83eb525475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4670", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mlelztyknv2s", "content": "CVE-2026-4670: Critical MOVEit Automation Authentication 
Bypass\n\nCVE-2026-4670 is a critical authentication bypass vulnerability in Progress MOVEit Automation with a CVSS 9.8 score. Affects all...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-4670-moveit-authentication-bypass\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-08T20:47:01.039500Z"}, {"uuid": "23b70bb8-9cbc-4a30-b605-dffcf94258f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mljkuoerfd2w", "content": "MOVEit Automation Critical Security Alert Bulletin \u2013 April 2026 \u2013 (CVE-2026-4670, CVE-2026-5174)", "creation_timestamp": "2026-05-10T20:09:32.808036Z"}, {"uuid": "8b1a7998-6af3-4729-aa98-67cc88049a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlm2ilvt4c2m", "content": "\ud83d\udea8 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow", "creation_timestamp": "2026-05-11T19:54:26.633068Z"}, {"uuid": "7ad6b8be-9395-4798-92dd-118597ad269c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4670", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlm2ilvt4c2m", "content": "\ud83d\udea8 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! 
#MOVEit #CyberSecurity #Vulnerability #PatchNow", "creation_timestamp": "2026-05-11T19:54:26.641866Z"}, {"uuid": "04e3f658-84f0-4b1c-8f75-ed87a7143d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46701", "type": "published-proof-of-concept", "source": "https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-j3vx-cx2r-pvg8", "content": "", "creation_timestamp": "2026-05-16T15:11:55.000000Z"}, {"uuid": "e3478cff-c98a-46a8-90ba-4ed72f035e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46703", "type": "published-proof-of-concept", "source": "https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j", "content": "", "creation_timestamp": "2026-05-16T10:58:07.000000Z"}, {"uuid": "89b49d88-b496-41cc-9430-941a19e7bf9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46702", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnxs62eub52l", "content": "CVE-2026-46702 - Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets\nCVE ID : CVE-2026-46702\n \n Published : June 10, 2026, 8:19 p.m. | 59\u00a0minutes ago\n \n Description : Russh is a Rust SSH client &amp; server library. 
From vers...", "creation_timestamp": "2026-06-10T22:48:07.958635Z"}, {"uuid": "065ae77c-0661-46b5-a4dc-f158461fc6c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46705", "type": "published-proof-of-concept", "source": "https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3", "content": "", "creation_timestamp": "2026-05-20T22:48:47.000000Z"}, {"uuid": "2f8cb8d3-4495-49da-a088-b4946f9bf01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46702", "type": "published-proof-of-concept", "source": "https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259", "content": "", "creation_timestamp": "2026-05-23T07:53:38.000000Z"}, {"uuid": "93e71405-2399-4b22-903e-93a38110802b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnxsulhtsc2f", "content": "CVE-2026-46705 - russh server userauth state is not reset when authentication principal changes\nCVE ID : CVE-2026-46705\n \n Published : June 10, 2026, 8:21 p.m. | 56\u00a0minutes ago\n \n Description : Russh is a Rust SSH client &amp; server library. 
From version 0.34.0-beta.1 to befo...", "creation_timestamp": "2026-06-10T23:00:19.086401Z"}, {"uuid": "f1f34b64-67df-4272-a2b4-cade075d8dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46703", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxzmkp6552n", "content": "\ud83d\udd34 CVE-2026-46703 - Critical (9.6)\n\nBoxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-46703/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T01:01:07.026549Z"}, {"uuid": "2c8e4d34-3b8b-4a2d-9af6-c801e9fa062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46703", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mny3azh3772f", "content": "Boxlite (&lt;0.9.0) CRITICAL flaw: attackers can write files anywhere on host via crafted OCI images \u2014 possible RCE risk. Upgrade to 0.9.0+ ASAP! https://radar.offseq.com/threat/cve-2026-46703-cwe-22-improper-limitation-of-a-pat-fb9f1664 #OffSeq #CVE202646703 #ContainerSecurity", "creation_timestamp": "2026-06-11T01:30:26.869189Z"}, {"uuid": "5983badb-1e5e-40c8-83d9-18e2b376883c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46702", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnyac7hyk22n", "content": "\ud83d\udfe0 CVE-2026-46702 - High (7.5)\n\nRussh is a Rust SSH client &amp; server library. 
From version 0.34.0 to before version 0.61.1, when S...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-46702/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T03:00:36.322105Z"}, {"uuid": "1e4e4167-2734-4f0c-af23-6dadb2636cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46703", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnybrfpang2d", "content": "CVE-2026-46703 - BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host\nCVE ID : CVE-2026-46703\n \n Published : June 10, 2026, 11:16 p.m. | 2\u00a0hours, 48\u00a0minutes ago\n \n Description : Boxlite is a sandbox service that allows users to create ligh...", "creation_timestamp": "2026-06-11T03:26:58.561704Z"}, {"uuid": "3114f2f7-b9ee-4f1c-b85c-7149b86dbf2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46703", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116728884364901430", "content": "\ud83d\udea8 CRITICAL vuln in boxlite-ai Boxlite (&lt;0.9.0): Malicious OCI images can exploit CWE-22 path traversal to write files anywhere on the host, leading to potential RCE. Upgrade to v0.9.0 ASAP. CVE-2026-46703. https://radar.offseq.com/threat/cve-2026-46703-cwe-22-improper-limitation-of-a-pat-fb9f1664 #OffSeq #CVE202646703 #ContainerSecurity", "creation_timestamp": "2026-06-11T07:04:43.279040Z"}, {"uuid": "79e0dcbd-f506-4aa5-88b5-0ea60d01cb52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46703", "type": "seen", "source": "https://bsky.app/profile/attrition.org/post/3mog7m2jsis2z", "content": "@f5labs.bsky.social re: www.f5.com/labs/article...  
Are you using \"AI\" to do these? e.g. \"Threat Details and IOCs\" and \"CVE-2026-35273, CVE-2026-46695, CVE-2026-46703, CVE-2026-48558, CVE-2026-50545\" has nothing to do with the section above, and those CVEs are largely not for the software listed.", "creation_timestamp": "2026-06-16T16:25:31.310868Z"}, {"uuid": "231b1456-7159-4fa2-8971-f7ac97cea204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46701", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojevvheah2c", "content": "CVE-2026-48814 - Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)\nCVE ID : CVE-2026-48814\n \n Published : June 17, 2026, 7:42 p.m. | 2\u00a0hours ago\n \n Description : Network-AI is a TypeScript/Node.js multi-agent orchestrator. In ve...", "creation_timestamp": "2026-06-17T22:38:26.278750Z"}, {"uuid": "dd2de708-f0fa-415f-bc37-c64436c879a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46701", "type": "seen", "source": "https://gist.github.com/alon710/95012eaaac31573d3f20cff3cfbc3e84", "content": "# CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer\n\n&gt; **CVSS Score:** 9.1\n&gt; **Published:** 2026-06-19\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48814\n\n## Summary\nCVE-2026-48814 is a critical vulnerability classified as Missing Authentication for Critical Function (CWE-306) in Network-AI, a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the Model Context Protocol (MCP) Server-Sent Events (SSE) server allows unauthenticated, cross-origin invocation of sensitive orchestration tools. 
This vulnerability stems from an incomplete fix for CVE-2026-46701, where library-level server class initializations still default to an insecure empty-secret configuration, allowing remote attackers or Server-Side Request Forgery (SSRF) agents to execute administrative tools.\n\n## TL;DR\nThe Network-AI library (versions &lt;= 5.7.1) features an insecure default configuration in its MCP Server-Sent Events server component. If initialized without a secret, it permits unauthenticated remote callers to invoke any of its 22 critical orchestration tools, potentially leading to unauthorized data exposure, state mutation, and arbitrary agent spawning.\n\n## Technical Details\n\n- **CWE ID**: CWE-306 (Missing Authentication for Critical Function)\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 9.1 (Critical)\n- **EPSS Score**: 0.00297 (~0.30% probability)\n- **Impact**: High Confidentiality, High Integrity, No Availability\n- **Exploit Status**: None (No public weaponized exploit available)\n- **KEV Status**: Not listed in CISA KEV Catalog\n\n## Affected Systems\n\n- Network-AI library environments implementing custom McpSseServer integrations\n- Node.js multi-agent orchestration backends running network-ai versions &lt;= 5.7.1\n- **network-ai**: &lt;= 5.7.1 (Fixed in: `5.7.2`)\n\n## Mitigation\n\n- Upgrade the network-ai dependency to version 5.7.2 or later.\n- Instantiate the McpSseServer class with a non-empty, cryptographically secure secret.\n- Restrict binding configurations to loopback addresses (127.0.0.1, localhost) instead of binding to 0.0.0.0.\n- Utilize local standard input/output (McpStdioTransport) transport channels where network binding is not strictly required.\n\n**Remediation Steps:**\n1. Run 'npm install network-ai@5.7.2' to update the library to the patched version.\n2. Audit custom integration files importing 'McpSseServer' from 'network-ai' and ensure a strong secret is passed during initialization.\n3. 
Ensure the server initialization code does not fail open when environment variables are missing.\n\n## References\n\n- [GitHub Security Advisory Record](https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-r78r-rwrf-rjwp)\n- [GitHub Release Log v5.7.2](https://github.com/Jovancoding/Network-AI/releases/tag/v5.7.2)\n- [GitHub Advisory Database Mapping](https://github.com/advisories/GHSA-j3vx-cx2r-pvg8)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48814) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T14:11:51.000000Z"}]}