{"vulnerability": "cve-2026-49260", "sightings": [{"uuid": "ae81ec21-e385-4ef6-a407-65cb6e3660bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49260", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3monvvf7aa22k", "content": "CVE-2026-49260 - PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)\nCVE ID : CVE-2026-49260\n \n Published : June 19, 2026, 4:59 p.m. | 44\u00a0minutes ago\n \n Description ...", "creation_timestamp": "2026-06-19T17:53:01.488925Z"}, {"uuid": "942b294b-5978-43b6-9dc7-72352f203885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49260", "type": "published-proof-of-concept", "source": "https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-f5gc-qxf8-mh9g", "content": "", "creation_timestamp": "2026-06-26T22:35:24.955418Z"}]}