{"vulnerability": "CVE-2026-56876", "sightings": [{"uuid": "60170d90-baee-4ca1-83cc-0d4cb8aaf1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7lc624i52z", "content": "CVE-2026-56876 - extract-zip unvalidated symlink path traversal\nCVE ID : CVE-2026-56876\n \n Published : June 26, 2026, 4:44 p.m. | 1\u00a0hour ago\n \n Description : extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file contai...", "creation_timestamp": "2026-06-26T18:31:14.132828Z"}, {"uuid": "f8ecd3ad-f1cd-45d2-9587-8ca00fe7cc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56876", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpb3v7jhqg2i", "content": "CVE-2026-56876 - Path Traversal in Extract-zip. Symlink handling flaw allows arbitrary file read/write via malicious zip. CVSS 8.1. No patch available. Avoid untrusted archives. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-56876/", "creation_timestamp": "2026-06-27T09:00:53.052984Z"}]}