{"uuid": "73e7afb7-4074-4afa-98c2-5e285dc0bcc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31852", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmcip2b7x72f", "content": "CVE-2026-31852 - Critical supply chain attack in Jellyfin iOS. GitHub Actions workflow allows repo takeover, secret exfiltration, and App Store poisoning. CVSS 10. UNPATCHED. Disable workflow immediately. #CVE #jellyfin #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-31852/", "creation_timestamp": "2026-05-20T18:07:09.531198Z"}