{"uuid": "6ea3313a-7bad-4823-b953-2492bd14f7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116564677807182613", "content": "\u26a0\ufe0f CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow", "creation_timestamp": "2026-05-13T01:30:36.192793Z"}