{"vulnerability": "CVE-2026-5366", "sightings": [{"uuid": "5cfacb90-f761-4815-802b-c9cd67c12dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53661", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnzr2bnmce25", "content": "CVE-2026-53661 - boruta-server sent sensitive session cookies without the Secure attribute\nCVE ID : CVE-2026-53661\n \n Published : June 11, 2026, 2:16 p.m. | 2\u00a0hours, 48\u00a0minutes ago\n \n Description : Boruta is a standalone authorization server that aims to implement OAuth 2.0 an...", "creation_timestamp": "2026-06-11T17:33:01.997351Z"}, {"uuid": "ba7661d4-f981-460b-8e0f-562ecad2c7c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5366", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116785154318795848", "content": "CVE-2026-5366 (CRITICAL, CVSS 9.9): prefecthq/prefect 3.6.23 lets users with deployment creation rights inject git flags via commit_sha/directories in GitRepository, enabling remote code exec. Restrict permissions & monitor updates. https://radar.offseq.com/threat/cve-2026-5366-cwe-94-improper-control-of-generatio-ef5838b1259ff631 #OffSeq #CVE20265366 #infosec", "creation_timestamp": "2026-06-21T00:00:42.065702Z"}, {"uuid": "bd724169-559b-48b5-999f-c92ecf092935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5366", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moqngff2oa2u", "content": "CVE-2026-5366 - Git Argument Injection in prefecthq/prefect\nCVE ID : CVE-2026-5366\n \n Published : June 20, 2026, 4:43 p.m. | 2\u00a0hours, 59\u00a0minutes ago\n \n Description : Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input...", "creation_timestamp": "2026-06-20T19:59:27.604188Z"}]}