https://vulnerability.circl.lu/sightings/feed 2026-05-31T02:37:59.419863+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/ec3a706b-0d64-4703-aafe-2d118ef8d8ae/export 2026-05-31T02:37:59.880786+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ec3a706b-0d64-4703-aafe-2d118ef8d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/116663533676457323", "content": "CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/writeSeverity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)CWE: CWE-59 (Improper Link Resolution Before File Access)\nA rogue SFTP server can return symlink targets (absolute paths or relative \"../../../\" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary \"cp\" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.\nhttps://www.openwall.com/lists/oss-security/2026/05/30/3\n#CVE_2026_47187", "creation_timestamp": "2026-05-30T12:30:53.342192Z"} 2026-05-30T12:30:53.342192+00:00 https://vulnerability.circl.lu/sighting/bfaaf389-63e5-4dfc-8c6c-335888707482/export 2026-05-31T02:37:59.877481+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "bfaaf389-63e5-4dfc-8c6c-335888707482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn34f42qcq2r", "content": "CVE-2026-47187, CVE-2026-48711: sshfs", "creation_timestamp": "2026-05-30T13:03:24.621529Z"} 2026-05-30T13:03:24.621529+00:00