{"vulnerability": "CVE-2026-55603", "sightings": [{"uuid": "e44eea52-fb1e-447a-9fc9-d49ec100d908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55603", "type": "published-proof-of-concept", "source": "https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm", "content": "", "creation_timestamp": "2026-06-17T17:17:39.000000Z"}, {"uuid": "ba0068d4-71b2-46ba-b1c9-f50f336e6cc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55603", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mox25jonrk2t", "content": "CVE-2026-55603 - CRLF Injection in Http-proxy-middleware. CVSS 7.5. Allows header manipulation via multipart form data. No patch available yet. Mitigate by avoiding untrusted input in body parsers. #CVE #infosec #nodejs\n\nhttps://www.valtersit.com/cve/CVE-2026-55603/", "creation_timestamp": "2026-06-23T09:03:07.163423Z"}]}