{"vulnerability": "CVE-2026-4926", "sightings": [{"uuid": "3dd28cd5-18a0-4ff3-98de-b56b1adb7610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3mhybqr5nz227", "content": "", "creation_timestamp": "2026-03-26T18:55:29.810898Z"}, {"uuid": "e0227e74-a132-42d4-ab78-e6321e8651a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhyfjwhnel27", "content": "", "creation_timestamp": "2026-03-26T20:03:12.665976Z"}, {"uuid": "45866c07-3361-4832-a12d-52c22eba1dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyirqieyp2m", "content": "", "creation_timestamp": "2026-03-26T21:01:16.638369Z"}, {"uuid": "c3b94e2e-eedf-49b4-8df3-91e21b7d796b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "Telegram/knkV6U7RC4OpKxR0GhJKoJS2C9Z__Lnhn5rNmC0CAguDvjk", "content": "", "creation_timestamp": "2026-03-26T21:36:49.000000Z"}, {"uuid": "d0aaac56-2aab-4f04-8637-3616e44a3e5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49269", "type": "seen", "source": "https://gist.github.com/scndls/9cbe31f2b0b1578eaeb311e601335355", "content": "This issue affects Apple M1 systems. I confirmed it on an Apple M1 MacBook Air (MacBookAir10,1) running macOS 26.3.1 (25D2128), with SIP enabled, no root access, and no special entitlements beyond App Sandbox.\n\nThe issue is a cross-process information disclosure caused by residual GPU register state. Apple M1 GPUs can leave register values behind between compute shader dispatches from different processes.\n\nThis is a sandbox boundary issue. In my proof of concept, one sandboxed app (`GPUVictim.app`) generates a fresh random 128-bit secret with `SecRandomCopyBytes` and loads it into GPU registers. A second sandboxed\napp (`GPUAttacker.app`), running as a separate sandboxed process, recovers that secret from stale GPU register state.\n\nThe two apps do not share files, memory, IPC, sockets, XPC, pasteboard, IOSurface, MTLSharedEvent, or special permissions. The attacker writes the recovered values into its own Metal output buffer, but the values\ncame from the victim process.\n\nThe security impact is confidentiality loss across app sandbox boundaries. If sensitive data is processed by GPU code and reaches GPU registers, a separate sandboxed process may be able to recover that data\nlater. Depending on the victim workload, this kind of data could include application secrets, API tokens, password-derived material, private user data, or other values that should remain confined to the victim\nprocess.\n\nIn automated testing, the attacker recovered the exact 128-bit victim secret in 20 out of 20 positive trials, with a fresh random secret each time. Attacker-only negative controls did not recover the victim\nsecret.\n\nA video demonstration is available here:\n\nhttps://youtu.be/Wzh9ZHjyxK8\n\nApple disputed CVE assignment and stated that the behavior was addressed at the hardware level in current-generation Apple Silicon. MITRE TL-Root reviewed the dispute and determined that the issue meets the\ncriteria for CVE assignment. MITRE instructed publication of CVE-2026-49269 as a disputed CVE record.\n", "creation_timestamp": "2026-05-29T08:25:41.000000Z"}, {"uuid": "1a076b4b-fbe0-4156-9306-6bc3311699df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49267", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5lqqqiav2d", "content": "CVE-2026-49267: Apache Airflow: No certificate validation on SMTP STARTTLS connections", "creation_timestamp": "2026-05-31T12:43:41.009829Z"}, {"uuid": "756e9bb2-ec71-4713-99dd-2e60af436726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnqxnczkoz2z", "content": "\ud83d\udccc CVE-2026-4926 - Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The ... https://www.cyberhub.blog/cves/CVE-2026-4926", "creation_timestamp": "2026-06-08T05:37:47.219699Z"}, {"uuid": "eeb79982-5e15-46d1-a9fd-a14ab62c7b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49261", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzvwulfix24", "content": "\ud83d\udd34 CVE-2026-49261 - Critical (10)\n\nMariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49261/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T19:00:37.381597Z"}, {"uuid": "646b3242-6c88-49eb-b382-8d5c62a1f478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49261", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3moip27mboh2e", "content": "\ud83d\udccc CVE-2026-49261 - MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.... https://www.cyberhub.blog/cves/CVE-2026-49261", "creation_timestamp": "2026-06-17T16:07:09.234241Z"}, {"uuid": "c481ba80-a904-4551-93ce-637d82942d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49268", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moimkre7522k", "content": "CVE-2026-49268: Apache Shiro: LDAP DN Injection in DefaultLdapRealm", "creation_timestamp": "2026-06-17T15:22:42.772488Z"}, {"uuid": "554a69ec-6a0e-489d-9f25-c3f8d8d69bcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49261", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moj7khktkw2v", "content": "\ud83d\udea8 HIGH: CVE-2026-49261\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nMariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with  `wsrep_notify_cmd` enabled would execute shell commands embedde", "creation_timestamp": "2026-06-17T21:02:33.671660Z"}, {"uuid": "86ce5027-bff0-414b-8fdb-98b3e6938875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49268", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3molcr4tjop2y", "content": "Apache Shiro patched CVE-2026-49268: DefaultLdapRealm did not escape RFC 2253 special characters in usernames, allowing LDAP DN injection. Fixed in 2.2.1 and 3.0.0-alpha-2. Input that flows into a directory query needs escaping every time. When did you last audit your Shiro realm config?\n\n#security", "creation_timestamp": "2026-06-18T17:05:17.919201Z"}, {"uuid": "ae81ec21-e385-4ef6-a407-65cb6e3660bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49260", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3monvvf7aa22k", "content": "CVE-2026-49260 - PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)\nCVE ID : CVE-2026-49260\n \n Published : June 19, 2026, 4:59 p.m. | 44\u00a0minutes ago\n \n Description ...", "creation_timestamp": "2026-06-19T17:53:01.488925Z"}, {"uuid": "bddcb6c3-9927-4dc9-8076-5d794a1f93d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49268", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn3qrabg2r", "content": "\ud83d\udea8  ALERT: CVE-2026-49268\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nA remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special ", "creation_timestamp": "2026-06-22T00:31:29.516680Z"}, {"uuid": "3fb7c4e4-7d93-485e-9a64-909058aedcac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49261", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnd7x2442e", "content": "\ud83d\udea8  ALERT: CVE-2026-49261\n\nCVSS 10.0/10\n\n\ud83d\udccb WHAT IT IS:\nMariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with  `wsrep_notify_cmd` enabled would execute shell commands embed", "creation_timestamp": "2026-06-22T00:35:40.356951Z"}]}