{"vulnerability": "CVE-2026-58138", "sightings": [{"uuid": "875fd95a-0c34-4bb4-be48-ab672683691e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58138", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mpm3tty4fp25", "content": "CVSS 9.8. Unauthenticated. Remote code execution. No credentials required.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-58138-orkes-conductor-unauth-rce-poc/\n\n#InfoSec #DataBreach", "creation_timestamp": "2026-07-01T17:59:24.846064Z"}, {"uuid": "ee84b475-dc0c-4a89-a1e8-e0178f6e6a29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "https://t.me/GithubRedTeam/91343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-58138-Conductor-Unauth-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a BiiTts\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-30 19:49:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-58138 \u2014 Conductor (3.21.21..&lt;3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:16.124089Z"}, {"uuid": "0eaaf680-2801-413a-93d4-db083310a614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "https://t.me/GithubRedTeam/91343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-58138-Conductor-Unauth-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a BiiTts\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-30 19:49:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-58138 \u2014 Conductor (3.21.21..&lt;3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:32.744832Z"}, {"uuid": "755fe120-cb17-488f-b0a9-cb8ea07e4b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/91343", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-58138-Conductor-Unauth-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a BiiTts\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-30 19:49:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-58138 \u2014 Conductor (3.21.21..&lt;3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:25.663039Z"}, {"uuid": "11be28ad-ee8d-4e87-a344-6addc39507b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93570", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-58138\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a seqra\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 16:07:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:04.822425Z"}, {"uuid": "d83bfd91-46a9-45a4-9ae6-3467b0e3759a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93602", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-58138\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Ch4120N\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 20:36:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-58138 \u2014 Conductor (3.21.21..&lt;3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:04.915548Z"}, {"uuid": "cbe16dd5-b878-4206-9ba1-e099d09f9a24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/aLUBIgd1oXw2vuhuFf6alCjtWAQyS8DwghI3-yppd5LMZjw", "content": "", "creation_timestamp": "2026-07-16T19:00:04.332675Z"}, {"uuid": "e6a9f421-9684-4e46-b8b7-9971500e28fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/NdtFs6hNB9_NZbjw-blRCy5VLViEDDk3craQ6x0AEbHqe3s", "content": "", "creation_timestamp": "2026-07-16T19:00:05.481977Z"}, {"uuid": "708ccf85-3211-43b7-9f95-6af804620b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/qDbx2CcWW1ljYrgbnUu6Ex1maUX2VAjENXcPvjZN2_dh6iU", "content": "", "creation_timestamp": "2026-07-16T19:00:25.336424Z"}, {"uuid": "3a413567-696f-48e7-a15f-65fe58ba08ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/EU_Y1WTP7XC2Unqgh398sSMzruBTYdUozEbcjvnJL3mtgJg", "content": "", "creation_timestamp": "2026-07-16T19:00:25.668380Z"}, {"uuid": "43fd28fe-5d60-4f54-929e-5867ed3f6c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "Telegram/aLUBIgd1oXw2vuhuFf6alCjtWAQyS8DwghI3-yppd5LMZjw", "content": "", "creation_timestamp": "2026-07-17T00:00:26.194756Z"}, {"uuid": "95b7a234-e239-48d4-ae0a-a6122aee44b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "Telegram/NdtFs6hNB9_NZbjw-blRCy5VLViEDDk3craQ6x0AEbHqe3s", "content": "", "creation_timestamp": "2026-07-17T00:00:25.523735Z"}, {"uuid": "0660fed4-edd9-46f9-a048-917028273e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/qDbx2CcWW1ljYrgbnUu6Ex1maUX2VAjENXcPvjZN2_dh6iU", "content": "", "creation_timestamp": "2026-07-17T00:00:41.594686Z"}, {"uuid": "18408ba6-d076-474b-a1d7-4630ddfccebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "seen", "source": "Telegram/EU_Y1WTP7XC2Unqgh398sSMzruBTYdUozEbcjvnJL3mtgJg", "content": "", "creation_timestamp": "2026-07-17T00:00:41.920806Z"}, {"uuid": "09bae698-04f3-4d4c-8673-aa93bf3ec7b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93602", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-58138\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Ch4120N\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 20:36:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-58138 \u2014 Conductor (3.21.21..&lt;3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:55.061433Z"}, {"uuid": "76f87c5c-4cf8-4553-95e9-a776567a7326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58138", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93570", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-58138\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a seqra\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 16:07:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:54.982910Z"}]}