{"vulnerability": "cve-2026-4881", "sightings": [{"uuid": "67d21ec3-55ba-40e0-8c14-573b4c6c77ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjls6xuq2q", "content": "CVE-2026-48810 - FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check\nCVE ID : CVE-2026-48810\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1...", "creation_timestamp": "2026-05-29T21:54:28.143354Z"}, {"uuid": "ff7c4f61-067d-4e10-991e-23f57bdfc8a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://gist.github.com/Neclode/e868c6230e0f67710aaf558313f9fa67", "content": "# CVE-2026-4881 \u2014 Kubernetes Kubelet Certificate Rotation Race Condition\n\n**CVSS 8.1 (HIGH)** | Published April 28, 2026 | Updated May 15, 2026\n\n## Summary\n\nA race condition in kubelet TLS certificate rotation affects Kubernetes versions 1.28 through 1.31. During the approximately 90-second certificate renewal window, an adjacent network attacker can intercept kubelet API traffic via MitM.\n\n## Affected Versions\n\n| Version | Status |\n|---------|--------|\n| v1.28.x | Affected |\n| v1.29.x | Affected |\n| v1.30.x | Affected |\n| v1.31.x | Affected |\n| v1.32.0+ | Fixed |\n\n## Details\n\nThe kubelet certificate rotation mechanism contains a time-of-check to time-of-use (TOCTOU) flaw. When the kubelet requests a new serving certificate from the cluster CA, there is a window where the old certificate has been marked for rotation but the new certificate has not yet been installed. During this window, the kubelet falls back to a self-signed bootstrap certificate that does not chain to the cluster CA.\n\nAn attacker on the same network segment can exploit this window to present their own certificate and intercept API server to kubelet communications, including exec, logs, and port-forward requests.\n\n## Mitigation\n\n- Upgrade to Kubernetes v1.32.0 or later\n- Enable mutual TLS verification on all kubelet communications\n- Monitor for certificate rotation anomalies using audit logging\n\n## Full Advisory\n\nFull technical details, proof of concept, and timeline available at:\n\n**https://cloudsec-research.org/advisories/k8s-2026-04-rotation**\n\n## References\n\n- Advisory ID: CSRG-2026-0428\n- Tracking: KSRC-2026-04-ROTATION\n- CWE: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)\n- CloudSec Research Group: https://cloudsec-research.org\n\n---\n*Published by CloudSec Research Group under coordinated disclosure.*\n", "creation_timestamp": "2026-05-18T23:56:50.000000Z"}, {"uuid": "321e0508-35df-42a1-b530-31d9ec38bb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzk5vpbtf27", "content": "CVE-2026-48811 - FreeScout: Thread Deletion Bypasses Mailbox Access Revocation\nCVE ID : CVE-2026-48811\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, ...", "creation_timestamp": "2026-05-29T22:04:36.119200Z"}, {"uuid": "199c2c60-44b2-4277-a129-731e022f1fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhnymzsy2x", "content": "CVE-2026-4881 - Octopus Server API Unauthorized Server Level Changes\nCVE ID : CVE-2026-4881\n \n Published : June 4, 2026, 10:16 a.m. | 16\u00a0minutes ago\n \n Description : In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated u...", "creation_timestamp": "2026-06-04T10:57:10.997968Z"}]}