{"vulnerability": "CVE-2026-9678", "sightings": [{"uuid": "5568f453-64f1-4e3c-a2fe-19dab45b00f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9678", "type": "seen", "source": "https://bsky.app/profile/nodeland.dev/post/3mol72n6k5o27", "content": "\ud83d\udfe1 Moderate: Shared-cache disclosure (CVE-2026-9678).\nThe cache interceptor mishandled whitespace-padded Cache-Control like `private=\" authorization\"`, so authenticated responses could be cached & served to other users in shared mode.\nv7/v8. Fixed in 7.28.0 / 8.5.0.", "creation_timestamp": "2026-06-18T15:59:05.069707Z"}, {"uuid": "39cc3507-5b74-4ffa-8399-c06e884c25c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9678", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3moiskw2as22g", "content": "\ud83d\udea8 Medium-severity security fix in undici (7.28.0, 8.5.0) just released!\n\nPatches CVE-2026-9678. undici vulnerable to cross-user information disclosure via shared cache whitespace bypass.\n\ngithub.com/nodejs/undic...", "creation_timestamp": "2026-06-17T17:10:11.765969Z"}]}