{"vulnerability": "cve-2026-4491", "sightings": [{"uuid": "3a464cf0-a554-4435-a0e4-4e920bc4fe2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhj6x6khj72e", "content": "", "creation_timestamp": "2026-03-20T18:55:25.196350Z"}, {"uuid": "18a9ec5b-5ff9-44f5-bc4b-3e019b771800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44916", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mldfehbnuw2p", "content": "CVE-2026-44916 - OpenStack Ironic Unvalidated Template Injection\nCVE ID : CVE-2026-44916\n \n Published : May 8, 2026, 7:16 a.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.\n \n Severity: 3...", "creation_timestamp": "2026-05-08T09:15:01.226884Z"}, {"uuid": "45e828c0-596f-4fec-92cc-820aa1054a09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44916", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mllphejab224", "content": "[OSSA-2026-012] Ironic: Remote Code Execution when Anaconda driver enabled (CVE-2026-44916)", "creation_timestamp": "2026-05-11T16:36:54.191123Z"}, {"uuid": "c7f99d93-70cc-450e-a52c-6cd484c20019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44919", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrzgd6pbv2r", "content": "CVE-2026-44919 - OpenStack Ironic Infinite Loop File Protocol Checksum Vulnerability\nCVE ID : CVE-2026-44919\n \n Published : May 14, 2026, 2:17 a.m. | 2\u00a0hours, 13\u00a0minutes ago\n \n Description : In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite lo...", "creation_timestamp": "2026-05-14T04:51:15.138641Z"}, {"uuid": "5de75094-72f4-4399-afdc-607437c224be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44919", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmafymnt7n24", "content": "[OSSA-2026-013] Ironic: Denial of Service via specially crafted deployment requests (CVE-2026-44919)", "creation_timestamp": "2026-05-19T22:13:30.357812Z"}, {"uuid": "eb3bca8a-098a-45f6-ab4e-01f63b88e7eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44917", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh375hxla2d", "content": "CVE-2026-44917 - OpenStack Ironic Local File Read via PXE Template\nCVE ID : CVE-2026-44917\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local f...", "creation_timestamp": "2026-06-04T07:14:07.758491Z"}, {"uuid": "dce74292-3033-4700-8fca-7f322a0ece39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44915", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monl4huei52p", "content": "CVE-2026-44915: Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value", "creation_timestamp": "2026-06-19T14:40:08.023740Z"}, {"uuid": "8860f368-2422-434d-a333-09c5ac828010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44913", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moqfeqqofp2c", "content": "CVE-2026-44913: Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL", "creation_timestamp": "2026-06-20T17:35:22.700516Z"}, {"uuid": "585a9874-8acc-4006-ba97-a0d31deae0a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44914", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moqfnp5qnq2s", "content": "CVE-2026-44914: Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents", "creation_timestamp": "2026-06-20T17:40:22.920729Z"}, {"uuid": "0280c3b3-5a3d-4424-9f03-1669b728b596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44911", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moqfwnlakf2t", "content": "CVE-2026-44911: Apache NiFi: Incorrect Authorization for Configuration Verification Requests", "creation_timestamp": "2026-06-20T17:45:23.201336Z"}, {"uuid": "d201d66e-df75-4059-a5fb-9163c340858b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44914", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moujjvtdeq2m", "content": "Apache NiFi 1.12.0 \u2013 2.9.0: HIGH severity flaw lets users with write access add restricted components. Upgrade to 2.9.0 or enforce extra controls. CVE-2026-44914. https://radar.offseq.com/threat/cve-2026-44914-cwe-862-missing-authorization-in-ap-41e3d5d03a56632c #OffSeq #Cybersecurity #NiFi", "creation_timestamp": "2026-06-22T09:00:29.965510Z"}, {"uuid": "7ecbc043-6df4-4f7b-bfba-ddd134240034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44914", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116792939472856881", "content": "CVE-2026-44914: HIGH severity in Apache NiFi (1.12.0 \u2013 2.9.0). Missing authorization lets users with write access add restricted components. Upgrade to 2.9.0 or enforce specific controls. https://radar.offseq.com/threat/cve-2026-44914-cwe-862-missing-authorization-in-ap-41e3d5d03a56632c #OffSeq #NiFi #Vuln #Infosec", "creation_timestamp": "2026-06-22T09:00:38.439396Z"}, {"uuid": "b964c619-3adb-4d24-bbd0-67abde11f22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44914", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3moum3dbxrd2y", "content": "Apache NiFi 2.10.0 (June 20) fixes CVE-2026-44914, where a user with general write access could add components requiring Restricted permissions, bypassing authorization. It affects 1.12.0 to 2.9.0. How do you gate Restricted components in NiFi?\n#security", "creation_timestamp": "2026-06-22T09:46:01.994703Z"}, {"uuid": "8c1b951d-b913-4005-bd0e-a65cb0d3a94c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44914", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moutcafs422s", "content": "CVE-2026-44914 - Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents\nCVE ID : CVE-2026-44914\n \n Published : June 22, 2026, 7:38 a.m. | 4\u00a0hours, 5\u00a0minutes ago\n \n Description : Apache NiFi 1.12.0 through 2.9.0 are missing authorization when ...", "creation_timestamp": "2026-06-22T11:55:09.440421Z"}, {"uuid": "f22b26ad-d386-4250-a7ec-a0622284c66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44911", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moutshvmqm25", "content": "CVE-2026-44911 - Apache NiFi: Incorrect Authorization for Configuration Verification Requests\nCVE ID : CVE-2026-44911\n \n Published : June 22, 2026, 7:37 a.m. | 4\u00a0hours, 6\u00a0minutes ago\n \n Description : Authorization handling for component configuration verification requests in A...", "creation_timestamp": "2026-06-22T12:04:14.349805Z"}, {"uuid": "852b716c-237a-414a-a84a-ea1cd14cefc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44913", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mouv3qh3ac2j", "content": "CVE-2026-44913 - Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL\nCVE ID : CVE-2026-44913\n \n Published : June 22, 2026, 7:36 a.m. | 4\u00a0hours, 7\u00a0minutes ago\n \n Description : Improper escaping of database table names in the CaptureChangeMySQL Processor included...", "creation_timestamp": "2026-06-22T12:27:19.172986Z"}, {"uuid": "05f43efe-fbff-42f5-ac2d-fc6073710565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44914", "type": "seen", "source": "https://bsky.app/profile/checkmarxzero.bsky.social/post/3mowzgqkgoc2a", "content": "\ud83d\udea8 CVE-2026-44914 (High) affects Apache NiFi versions 1.12.0 through 2.9.0.\n\nThe vulnerability allows users with general write access to add Restricted components when replacing Process Groups due to missing authorization checks.\n\nUpgrade to Apache NiFi 2.9.0 to mitigate the issue.", "creation_timestamp": "2026-06-23T08:50:22.762018Z"}]}