{"vulnerability": "cve-2026-4299", "sightings": [{"uuid": "e1170741-080c-4612-a110-ebecf196ee74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42994", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116497791564275450", "content": "\ud83d\udea9 CVE-2026-42994: Bitwarden CLI v2026.4.0 (npm, Apr 2026) has a HIGH severity OS Command Injection (CVSS 8.8) due to a supply chain compromise. No patch yet. Avoid this version & verify installs. More info: https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #AppSec", "creation_timestamp": "2026-05-01T06:00:28.653615Z"}, {"uuid": "c8790766-2676-4217-a94f-5203820ed7df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4299", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mixsaxtmr62o", "content": "", "creation_timestamp": "2026-04-08T07:43:22.944549Z"}, {"uuid": "f7d1dc33-4584-4280-bff4-292c5ced6a24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42994", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkrha6jb7626", "content": "Bitwarden CLI v2026.4.0 (npm, Apr 2026) faces HIGH severity OS Command Injection (CVSS 8.8). Supply chain compromise \u2014 avoid this version & check your installs. No patch yet. 
https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #Vuln", "creation_timestamp": "2026-05-01T06:00:30.455444Z"}, {"uuid": "ee6134a8-8c13-4c61-a1b2-445bee2e044e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42994", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkrjfrmfue2n", "content": "CVE-2026-42994 - Bitwarden CLI Malicious Code Injection\nCVE ID : CVE-2026-42994\n \n Published : May 1, 2026, 5:16 a.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious cod...", "creation_timestamp": "2026-05-01T06:39:25.181462Z"}, {"uuid": "bf0ecf88-a479-468a-9250-1472d703c3c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42996", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkrpf7bg2x2c", "content": "CVE-2026-42996 - JS8Call APRSIS Client Stack-Based Buffer Overflow\nCVE ID : CVE-2026-42996\n \n Published : May 1, 2026, 7:15 a.m. 
| 1\u00a0hour, 3\u00a0minutes ago\n \n Description : JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transm...", "creation_timestamp": "2026-05-01T08:26:28.975166Z"}, {"uuid": "c2e0bd65-89f6-455a-94c9-c954a2c537b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42997", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml4ratvmfr2j", "content": "[OSSA-2026-010] Ironic: Credential Forwarding to Arbitrary Endpoints via iDrac Configuration Molds Feature (CVE-2026-42997)", "creation_timestamp": "2026-05-05T17:59:08.492181Z"}, {"uuid": "b99d21d6-2bd7-430d-ae04-3a92596b41ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42997", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4vnfpglw2w", "content": "\ud83d\udfe0 CVE-2026-42997 - High (7.7)\n\nAn issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invokin...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42997/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T19:17:45.326688Z"}, {"uuid": "f1145137-54e8-482b-a6ad-033b4b4c9edb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42997", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4zyjhzgt2i", "content": "CVE-2026-42997 - Dell Idrac Authorization Credential Exposure\nCVE ID : CVE-2026-42997\n \n Published : May 5, 2026, 7:16 p.m. | 1\u00a0hour, 5\u00a0minutes ago\n \n Description : An issue was discovered in idrac in OpenStack Ironic before 35.0.1. 
During import, a user invoking molds can req...", "creation_timestamp": "2026-05-05T20:35:31.113021Z"}, {"uuid": "95cc5d04-2ca5-4a07-8333-887852b00852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42998", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmwwsrnh6g2z", "content": "[OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394)", "creation_timestamp": "2026-05-28T21:13:01.990403Z"}, {"uuid": "85aa5064-41d7-4de5-b5e1-0206b7273723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42999", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmwwsrnh6g2z", "content": "[OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394)", "creation_timestamp": "2026-05-28T21:13:02.141112Z"}, {"uuid": "df451601-8996-4b8e-887f-39ead1b7953f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42999", "type": "seen", "source": "https://bsky.app/profile/jssfr.zombofant.net.ap.brid.gy/post/3mmwfswfjiez2", "content": "If you are running OpenStack, CVE-2026-42999 and others just dropped: https://bugs.launchpad.net/keystone/+bug/2148398\n\nThis one is really nasty and you'll want to patch ASAP.", "creation_timestamp": "2026-05-28T16:08:57.150231Z"}, {"uuid": "ed056471-6f29-44b7-b416-6c6165c9d79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42999", "type": "seen", 
"source": "https://bsky.app/profile/jssfr.zombofant.net.ap.brid.gy/post/3mmwftqupgjt2", "content": "If you are running OpenStack, CVE-2026-42999 and others just dropped: https://bugs.launchpad.net/keystone/+bug/2148398\n\nThis one is really nasty and you'll want to patch ASAP.\n\n#OpenStack #Security", "creation_timestamp": "2026-05-28T16:09:26.833716Z"}]}