{"uuid": "c7c5820a-e070-4e1c-9e83-db67e04f2ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35482", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116684293866333535", "content": "\ud83d\udee1\ufe0f HIGH severity: CVE-2026-35482 in alf.io (<2.0-M5-2606) lets authenticated admins escape the Rhino JS sandbox and execute OS commands via Java reflection. Upgrade to 2.0-M5-2606 now! https://radar.offseq.com/threat/cve-2026-35482-cwe-863-incorrect-authorization-in--7701fe0c #OffSeq #Vulnerability #alfio #Security", "creation_timestamp": "2026-06-03T04:30:37.678921Z"}