{"vulnerability": "cve-2026-4104", "sightings": [{"uuid": "1a75ff79-5ec8-4c10-ad28-0ce759c016d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41040", "type": "seen", "source": "https://jvn.jp/en/jp/JVN46728373", "content": "", "creation_timestamp": "2026-04-22T23:00:00.000000Z"}, {"uuid": "d6c8c2f5-ce1e-448e-bfd7-f907104274d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41040", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mk5idlknuu2o", "content": "", "creation_timestamp": "2026-04-23T07:27:03.298006Z"}, {"uuid": "df04c1e5-6c24-4034-8464-96819bf71cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41043", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mk6n4dcaab2j", "content": "", "creation_timestamp": "2026-04-23T18:25:08.120746Z"}, {"uuid": "372615b3-a7b9-415f-a03d-aea3c48c63db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41044", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mk6nfceoup2i", "content": "", "creation_timestamp": "2026-04-23T18:30:09.341546Z"}, {"uuid": "db26b7f0-26dc-4b19-9503-6e7a1a1d3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41044", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbjwdmqjf2c", "content": "", "creation_timestamp": "2026-04-24T22:06:05.909632Z"}, {"uuid": "a3f837bb-b2e9-48d3-acc5-c0fd64840c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41040", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke5geeu7n2g", "content": "", "creation_timestamp": "2026-04-25T23:00:24.224277Z"}, {"uuid": "d592fc24-cfb0-4773-8da7-c0e16e34cef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41040", "type": "seen", "source": "Telegram/urlzpjryvSvXWqyPhDF692tLL2bCxG68Jn-4GeiaVe6Gc8U", "content": "", "creation_timestamp": "2026-04-23T09:15:24.000000Z"}, {"uuid": "b8f98051-c627-4956-ae87-746af102a3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41044", "type": "seen", "source": "https://t.me/GithubRedTeam/82911", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41044\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrillicit\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 11:44:04\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T12:00:05.000000Z"}, {"uuid": "c31a353c-8e7d-4eb6-8963-d848f6fadd7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41044", "type": "seen", "source": "https://t.me/bdufstecru/3143", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u0440\u043e\u043a\u0435\u0440\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Apache ActiveMQ \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06410\nCVE-2026-41044\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt", "creation_timestamp": "2026-05-08T13:56:37.000000Z"}, {"uuid": "bf285631-1450-4b7e-aa93-849fd67e08e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqyowpr7z2z", "content": "qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048)", "creation_timestamp": "2026-05-26T12:30:42.714950Z"}, {"uuid": "fe5d819d-48cf-4ccd-b628-6ae46beb3a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqyowpr7z2z", "content": "qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048)", "creation_timestamp": "2026-05-26T12:30:42.902846Z"}, {"uuid": "0b23d54a-a0bc-4794-841c-dded8f9b49d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4104", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnhsk4nu3u25", "content": "CVE-2026-4104 - Critical SQLi in TeknoPass by Akmer Informatics. Authorization bypass via user-controlled SQL primary key. CVSS 9.8. No patch available. Block access or isolate affected systems immediately. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-4104/", "creation_timestamp": "2026-06-04T14:11:52.192201Z"}, {"uuid": "2818d3b3-2d30-4abc-bd1e-c8c63699470e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmc2nnvc2m", "content": "CVE-2026-41045 - Weak polkit authentication check in qSnapper\nCVE ID : CVE-2026-41045\n \n Published : June 22, 2026, 3:16 p.m. | 3\u00a0hours, 53\u00a0minutes ago\n \n Description : A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attack...", "creation_timestamp": "2026-06-22T19:22:27.181397Z"}, {"uuid": "3d569253-e2e3-48ab-9e8f-4c8df2acf053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h", "content": "CVE-2026-41049 - Caching of Authentication allows Authentication Bypass between users in qSnapper\nCVE ID : CVE-2026-41049\n \n Published : June 22, 2026, 3:32 p.m. | 3\u00a0hours, 37\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different users of the\u00a0 qSna...", "creation_timestamp": "2026-06-22T19:28:48.001386Z"}, {"uuid": "72999106-c3a3-4006-8791-ff85c40797f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movn3snyzh2m", "content": "CVE-2026-41048 - Caching of Authentication allows Authentication Bypass in qSnapper\nCVE ID : CVE-2026-41048\n \n Published : June 22, 2026, 3:31 p.m. | 3\u00a0hours, 39\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different polkit methods in qSnapper befor...", "creation_timestamp": "2026-06-22T19:36:51.968989Z"}, {"uuid": "cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3movysuxn772i", "content": "CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows local root access. CVSS 8.1. No patch available. Mitigate immediately. #CVE #infosec #Linux\n\nhttps://www.valtersit.com/cve/CVE-2026-41045/", "creation_timestamp": "2026-06-22T23:06:37.278130Z"}, {"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}, {"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}, {"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}, {"uuid": "8cddc32b-fae1-450c-bf7d-6a5dacc249f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjvvulqhy2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/B1084611-D2B9-4763-9D66-2B1AF7A0D054", "creation_timestamp": "2026-07-13T14:33:01.834703Z"}, {"uuid": "e35e002f-27e5-4a03-af0e-d5c74ddf2cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaefjajh24", "content": "CVE-2026-41041 - apache gravitino\nApache Gravitino's MCP REST client fails to properly encode user input in URLs, potentially allowing attackers to access sensitive data or API endpoints.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachegravitino #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-13T17:40:06.874702Z"}, {"uuid": "fc86f251-0761-4a6c-85b8-3fd8d5161db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkzdjoiir2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/645D99B0-7BBC-4833-BF58-A1849630DF4D", "creation_timestamp": "2026-07-14T01:07:01.254042Z"}, {"uuid": "45ae3bda-1017-41e9-8f1d-93efb5737d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlbpw4hwo2f", "content": "\ud83d\udccc CVE-2026-41041 - URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before ... https://www.cyberhub.blog/cves/CVE-2026-41041", "creation_timestamp": "2026-07-14T03:37:07.030137Z"}]}