{"vulnerability": "cve-2026-4235", "sightings": [{"uuid": "ecd51717-60ae-424d-a97e-a82f4d8a1586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42353", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mle7qq5zuy2z", "content": "\ud83d\udfe0 CVE-2026-42353 - High (8.2)\n\ni18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fa...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42353/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T17:07:10.746362Z"}, {"uuid": "46285f22-4cda-4a88-8171-994ab9e49a82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42353", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlee6ysikv2k", "content": "CVE-2026-42353 - Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters\nCVE ID : CVE-2026-42353\n \n Published : May 8, 2026, 4:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : i18next-http-middleware is a middleware to be used wi...", "creation_timestamp": "2026-05-08T18:26:44.132721Z"}, {"uuid": "96c40982-7b7b-463c-a3a1-3ea7f1441ae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42351", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleum3owqg2s", "content": "\ud83d\udfe0 CVE-2026-42351 - High (7.5)\n\npygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42351/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T23:20:23.655669Z"}, {"uuid": "542edcac-0b47-42f1-a6e3-a0bef5115856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42352", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleupdajst2n", "content": "\ud83d\udfe0 CVE-2026-42352 - High (8.6)\n\npygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42352/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T23:22:12.424896Z"}, {"uuid": "0f72cdd3-bdd5-4739-b2b7-79ff947fb656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42354", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleupkgzli2z", "content": "\ud83d\udd34 CVE-2026-42354 - Critical (9.1)\n\nSentry is an error tracking and performance monitoring tool. From version 21.12.0 to before versi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42354/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T23:22:20.265321Z"}, {"uuid": "8c30ab16-7e27-447a-a83f-31c03183106f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42354", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116541675237436780", "content": "\ud83d\udea8 CRITICAL: Sentry SAML SSO auth bypass (CVE-2026-42354) affects 21.12.0 - 26.4.0. Attackers w/ malicious SAML IdP & another org can fully compromise user accounts. Upgrade to 26.4.1 ASAP! https://radar.offseq.com/threat/cve-2026-42354-cwe-290-authentication-bypass-by-sp-32bd5f55 #OffSeq #Sentry #Vuln #Security", "creation_timestamp": "2026-05-09T00:00:40.703877Z"}, {"uuid": "7bf1e7da-8074-40a3-8a80-4713b114cc77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42354", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlewu65dad2v", "content": "Sentry SAML SSO CRITICAL vuln (CVE-2026-42354): 21.12.0 - 26.4.0 allows account takeover via malicious SAML IdP if victim email is known. Upgrade to 26.4.1+ now! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-42354-cwe-290-authentication-bypass-by-sp-32bd5f55 #OffSeq #Sentry #Security", "creation_timestamp": "2026-05-09T00:00:42.179611Z"}, {"uuid": "c1e14af9-395b-44dd-8ca9-e0a798467d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlezw4c6mx2o", "content": "CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber\nCVE ID : CVE-2026-42352\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : pygeoapi is a Python server implementation of the OGC API suite of standards. From ...", "creation_timestamp": "2026-05-09T00:55:28.075118Z"}, {"uuid": "f216a2ce-2f48-4b6b-af91-01117c45851f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42354", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlf37earic2r", "content": "CVE-2026-42354 - Sentry: Improper authentication on SAML SSO process allows user identity linking\nCVE ID : CVE-2026-42354\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Sentry is an error tracking and performance monitoring tool. From version 2...", "creation_timestamp": "2026-05-09T01:18:32.312351Z"}, {"uuid": "3d5baa4b-48b2-4392-8dce-d5f3fe54b48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42350", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116545697527370018", "content": "A lot of offensive activities were identified targeting akuity kargo (CVE-2026-42350) https://vuldb.com/vuln/362396/cti", "creation_timestamp": "2026-05-09T17:03:37.111826Z"}, {"uuid": "e38764cb-5e09-459a-a78e-d0fbbbebb52a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42354", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm5b2mh5z52p", "content": "\ud83d\udccc CVE-2026-42354 - Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in... https://www.cyberhub.blog/cves/CVE-2026-42354", "creation_timestamp": "2026-05-18T16:07:09.730954Z"}, {"uuid": "d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42359", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nw4nzo32u", "content": "CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint \u2014 XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator", "creation_timestamp": "2026-05-31T13:22:28.619981Z"}, {"uuid": "7e406bcf-4e46-4603-aec2-0850312521b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42358", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5oi3cac32a", "content": "CVE-2026-42358: Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets", "creation_timestamp": "2026-05-31T13:32:31.212465Z"}, {"uuid": "e5a23430-65cc-44d5-968f-a893605c30c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mn7urgkev32g", "content": "Apache Airflow 3.2.0 has a CRITICAL XCom PATCH deserialization bug (CVE-2026-42359). Authenticated users with write rights risk RCE. Upgrade to 3.2.2+ and restrict permissions. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #Vuln", "creation_timestamp": "2026-06-01T10:30:27.322316Z"}, {"uuid": "f9b3e178-12cf-470b-9440-113ce4e3a821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116674384679698884", "content": "\ud83d\udea9 CVE-2026-42359 (CRITICAL): Apache Airflow 3.2.0 XCom PATCH deserialization flaw enables authenticated users with XCom write to execute code remotely. Upgrade to 3.2.2+ to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #RCE #Security", "creation_timestamp": "2026-06-01T10:30:34.741044Z"}]}