{"vulnerability": "cve-2026-57807", "sightings": [{"uuid": "2dd5ca91-708d-4575-938d-7595ebe21d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqd5js45ha2w", "content": "\ud83d\udd34 CVE-2026-57807 - Critical (9.8)\n\nAuthentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Sof...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-57807/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T22:00:48.866242Z"}, {"uuid": "6ae77f09-571f-490a-89c7-0bc64d17c3be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqdbxlqail22", "content": "CVE-2026-57807 - oauth single sign on - sso (oauth client)\nA security issue in miniOrange's OAuth Single Sign On (SSO) software allows attackers to bypass authentication using an alternative method. This affects all versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T23:20:06.351104Z"}, {"uuid": "5db1ac1b-5fd3-4823-a374-673ddf3b3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmq2jue32e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-57807 \u0432 miniOrange: \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b\n\n\n\nhttps://kripta.biz/posts/6228B95A-3683-4D68-A0DF-456519ACB9CF", "creation_timestamp": "2026-07-11T02:32:44.578138Z"}, {"uuid": "6520bdb9-8fcc-4cb2-a602-466bc3e9031a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899107707038521", "content": "CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (&lt;=38.5.8). Exploit via password recovery threatens full compromise. No patch yet \u2014 monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #CVE202657807 #OAuth #Security", "creation_timestamp": "2026-07-11T03:00:26.831919Z"}, {"uuid": "d1bd056c-5392-46f5-83c9-ea2e583ec713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdobmy6nq2d", "content": "miniOrange OAuth SSO (&lt;=38.5.8) is affected by CRITICAL CVE-2026-57807: authentication bypass via password recovery. No patch \u2014 watch for updates and secure affected systems. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #OAuth #Vulner...", "creation_timestamp": "2026-07-11T03:00:28.627120Z"}, {"uuid": "3f69f339-da84-49f3-a516-e5bbf59e83f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqgfl4ieaj2e", "content": "Daily IT Security Digest \u2014 2026-07-12\nsystems.\nSources: [The Hacker Wire](https://www.thehackerwire.com/vulnerability/CVE-2026-61444/)\n\n## 6. miniOrange OAuth SSO: Critical Auth Bypass \u2014 CVE-2026-57807\nA CRITICAL authentication bypass vulnerability (CVE-2026-57807) exists in miniOrange OAuth SSO", "creation_timestamp": "2026-07-12T05:02:41.977829Z"}, {"uuid": "916eb27d-ceed-4277-8f6d-1472b08f32c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mqginknoyn22", "content": "CVE-2026-57807: Bypass total en plugin OAuth de WordPress\n\n#cve202657807 #miniorangeoauth #wordpresssso #bypassautenticacion #seguridadwordpress", "creation_timestamp": "2026-07-12T05:57:45.926871Z"}]}