Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-04T02:59:05.244281+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10/export d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10 2026-06-04T02:59:05.611151+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42359", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nw4nzo32u", "content": "CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint \u2014 XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator", "creation_timestamp": "2026-05-31T13:22:28.619981Z"} 2026-05-31T13:22:28.619981+00:00 https://vulnerability.circl.lu/sighting/e5a23430-65cc-44d5-968f-a893605c30c1/export e5a23430-65cc-44d5-968f-a893605c30c1 2026-06-04T02:59:05.610880+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e5a23430-65cc-44d5-968f-a893605c30c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mn7urgkev32g", "content": "Apache Airflow 3.2.0 has a CRITICAL XCom PATCH deserialization bug (CVE-2026-42359). Authenticated users with write rights risk RCE. Upgrade to 3.2.2+ and restrict permissions. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #Vuln", "creation_timestamp": "2026-06-01T10:30:27.322316Z"} 2026-06-01T10:30:27.322316+00:00 https://vulnerability.circl.lu/sighting/f9b3e178-12cf-470b-9440-113ce4e3a821/export f9b3e178-12cf-470b-9440-113ce4e3a821 2026-06-04T02:59:05.607175+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f9b3e178-12cf-470b-9440-113ce4e3a821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116674384679698884", "content": "\ud83d\udea9 CVE-2026-42359 (CRITICAL): Apache Airflow 3.2.0 XCom PATCH deserialization flaw enables authenticated users with XCom write to execute code remotely. Upgrade to 3.2.2+ to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #RCE #Security", "creation_timestamp": "2026-06-01T10:30:34.741044Z"} 2026-06-01T10:30:34.741044+00:00