{"vulnerability": "cve-2026-5477", "sightings": [{"uuid": "69c4d4f7-da56-4f13-b282-e2b5760653d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj4nssm7jw2d", "content": "", "creation_timestamp": "2026-04-10T06:07:11.455508Z"}, {"uuid": "fa7a425d-a2f1-4343-87f1-3581a616a8e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5477", "type": "seen", "source": "Telegram/X_hYu_4mFc-5em62dyPX2z20yH7qSW9mAMzHMEdwTQTYW2M", "content": "", "creation_timestamp": "2026-04-10T07:17:18.000000Z"}, {"uuid": "d4fe6051-bbdf-4b35-8952-01dff5df916f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54771", "type": "published-proof-of-concept", "source": "https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q", "content": "", "creation_timestamp": "2026-07-06T22:35:22.917345Z"}, {"uuid": "47feb0f4-d85b-499c-9330-8db50d8f0f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6he5cskz2g", "content": "CVE-2026-54773 - CoreWCF: WS-Security signature substitution via document-wide Signature lookup\nCVE ID : CVE-2026-54773\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to ...", "creation_timestamp": "2026-07-09T01:13:17.615368Z"}, {"uuid": "307904f5-8ffa-4bd8-a650-07981b40ad56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54772", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hkcewcy2x", "content": "CVE-2026-54772 - CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake\nCVE ID : CVE-2026-54772\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Window...", "creation_timestamp": "2026-07-09T01:16:44.359902Z"}, {"uuid": "96427721-2f5d-4c21-a87c-f2281fc93755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6i5snv3v27", "content": "CVE-2026-54779 - CoreWCF: SAML token replay protection is inoperative\nCVE ID : CVE-2026-54779\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 ...", "creation_timestamp": "2026-07-09T01:27:38.837269Z"}, {"uuid": "620eb286-804d-499d-a8d8-78fcfbde3f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54775", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6icp4g3g27", "content": "CVE-2026-54775 - CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.\nCVE ID : CVE-2026-54775\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the se...", "creation_timestamp": "2026-07-09T01:30:22.949786Z"}, {"uuid": "c9fedc3b-190b-4d45-8d2b-808daacca4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6io2uglh2x", "content": "CVE-2026-54774 - CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate\nCVE ID : CVE-2026-54774\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Windows Com...", "creation_timestamp": "2026-07-09T01:36:44.381035Z"}, {"uuid": "17270153-f2ed-4b00-a522-34bb5390d3fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6joeibdx2x", "content": "CVE-2026-54776 - CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade\nCVE ID : CVE-2026-54776\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Windows Communicat...", "creation_timestamp": "2026-07-09T01:54:48.247410Z"}, {"uuid": "33e514ee-9853-4025-9556-9ddc253cfb98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54778", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq6jxcxorx2e", "content": "CVE-2026-54778 - CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution\nCVE ID : CVE-2026-54778\n \n Published : July 8, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr...", "creation_timestamp": "2026-07-09T01:59:48.597600Z"}, {"uuid": "85e48df7-5613-4c6b-b9a7-700956ca5e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54771", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqax4od5hu2i", "content": "\ud83d\udfe0 CVE-2026-54771 - High (8.1)\n\nLangroid is a framework for building large-language-model-powered applications. Prior to version ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54771/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T01:00:49.582849Z"}, {"uuid": "2452ec80-c184-4d67-ab7c-1ec9d2ce0dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54771", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqb4j7ttvf2x", "content": "CVE-2026-54771 - Langroid: handle_message() executes user-supplied tool JSON without sender verification\nCVE ID : CVE-2026-54771\n \n Published : July 10, 2026, 12:16 a.m. | 1\u00a0hour, 30\u00a0minutes ago\n \n Description : Langroid is a framework for building large-language-model-powered...", "creation_timestamp": "2026-07-10T02:37:15.955871Z"}, {"uuid": "6bda5a99-37e6-4c5d-899f-bd28a4fea025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54771", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcwv4la5x2a", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54771 \u0432 Langroid: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/3ACD49C8-0807-463B-ACBE-A4851F7A33EB", "creation_timestamp": "2026-07-10T20:01:52.718906Z"}]}