<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 02:02:20 +0000</lastBuildDate>
    <item>
      <title>5d6af9cf-672d-438c-9a45-975651dbd946</title>
      <link>https://vulnerability.circl.lu/sighting/5d6af9cf-672d-438c-9a45-975651dbd946/export</link>
      <description>{"uuid": "5d6af9cf-672d-438c-9a45-975651dbd946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11386", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqsgzm7l7j2t", "content": "ubuntu-pro-client (ubuntu-advantage-tools) CRITICAL vuln: attackers can inject APT config and install root-level packages by manipulating contract server responses. Default on Ubuntu Pro images. Patch TBD. More: https://radar.offseq.com/threat/ubuntu-cve-2026-11386-a076c116b384b281 #OffSeq #Linux...", "creation_timestamp": "2026-07-17T00:00:39.363923Z"}</description>
      <content:encoded>{"uuid": "5d6af9cf-672d-438c-9a45-975651dbd946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11386", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqsgzm7l7j2t", "content": "ubuntu-pro-client (ubuntu-advantage-tools) CRITICAL vuln: attackers can inject APT config and install root-level packages by manipulating contract server responses. Default on Ubuntu Pro images. Patch TBD. More: https://radar.offseq.com/threat/ubuntu-cve-2026-11386-a076c116b384b281 #OffSeq #Linux...", "creation_timestamp": "2026-07-17T00:00:39.363923Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5d6af9cf-672d-438c-9a45-975651dbd946/export</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:39 +0000</pubDate>
    </item>
    <item>
      <title>c867171d-4118-4a29-bef2-7e6362b0e837</title>
      <link>https://vulnerability.circl.lu/sighting/c867171d-4118-4a29-bef2-7e6362b0e837/export</link>
      <description>{"uuid": "c867171d-4118-4a29-bef2-7e6362b0e837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11386", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116932374467367447", "content": "CRITICAL vuln in ubuntu-pro-client &amp;lt;37.2ubuntu~22.04.1: contract server manipulation can inject malicious APT config &amp;amp; install arbitrary packages as root. Preinstalled on Ubuntu Pro images. Patch status TBD. Details: https://radar.offseq.com/threat/ubuntu-cve-2026-11386-a076c116b384b281 #OffSeq #Ubuntu #LinuxSec #Vulnerability", "creation_timestamp": "2026-07-17T00:00:38.053492Z"}</description>
      <content:encoded>{"uuid": "c867171d-4118-4a29-bef2-7e6362b0e837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11386", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116932374467367447", "content": "CRITICAL vuln in ubuntu-pro-client &amp;lt;37.2ubuntu~22.04.1: contract server manipulation can inject malicious APT config &amp;amp; install arbitrary packages as root. Preinstalled on Ubuntu Pro images. Patch status TBD. Details: https://radar.offseq.com/threat/ubuntu-cve-2026-11386-a076c116b384b281 #OffSeq #Ubuntu #LinuxSec #Vulnerability", "creation_timestamp": "2026-07-17T00:00:38.053492Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c867171d-4118-4a29-bef2-7e6362b0e837/export</guid>
      <pubDate>Fri, 17 Jul 2026 00:00:38 +0000</pubDate>
    </item>
    <item>
      <title>cfc6b5c0-4fd5-443f-ae08-2402c82ac5f4</title>
      <link>https://vulnerability.circl.lu/sighting/cfc6b5c0-4fd5-443f-ae08-2402c82ac5f4/export</link>
      <description>{"uuid": "cfc6b5c0-4fd5-443f-ae08-2402c82ac5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrp37vpr72x", "content": "CVE-2026-11386 - ubuntu-advantage-tools\nA security risk exists in Canonical ubuntu-pro-client software. An attacker could manipulate a contract response to inject malicious package information,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#canonical #Ubuntu2204LTS #CVE #infosec", "creation_timestamp": "2026-07-16T16:52:03.851799Z"}</description>
      <content:encoded>{"uuid": "cfc6b5c0-4fd5-443f-ae08-2402c82ac5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrp37vpr72x", "content": "CVE-2026-11386 - ubuntu-advantage-tools\nA security risk exists in Canonical ubuntu-pro-client software. An attacker could manipulate a contract response to inject malicious package information,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#canonical #Ubuntu2204LTS #CVE #infosec", "creation_timestamp": "2026-07-16T16:52:03.851799Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cfc6b5c0-4fd5-443f-ae08-2402c82ac5f4/export</guid>
      <pubDate>Thu, 16 Jul 2026 16:52:03 +0000</pubDate>
    </item>
    <item>
      <title>dfdd6094-f9fb-4b7a-a65d-fea6d898719a</title>
      <link>https://vulnerability.circl.lu/sighting/dfdd6094-f9fb-4b7a-a65d-fea6d898719a/export</link>
      <description>{"uuid": "dfdd6094-f9fb-4b7a-a65d-fea6d898719a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjxybz3a2o", "content": "CVE-2026-11386 - ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution\nCVE ID : CVE-2026-11386\n \n Published : July 16, 2026, 1:16 p.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : An input validation and injection ...", "creation_timestamp": "2026-07-16T15:20:46.061542Z"}</description>
      <content:encoded>{"uuid": "dfdd6094-f9fb-4b7a-a65d-fea6d898719a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjxybz3a2o", "content": "CVE-2026-11386 - ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution\nCVE ID : CVE-2026-11386\n \n Published : July 16, 2026, 1:16 p.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : An input validation and injection ...", "creation_timestamp": "2026-07-16T15:20:46.061542Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dfdd6094-f9fb-4b7a-a65d-fea6d898719a/export</guid>
      <pubDate>Thu, 16 Jul 2026 15:20:46 +0000</pubDate>
    </item>
    <item>
      <title>c3f261b5-5e77-4a38-b38d-4924c8d23990</title>
      <link>https://vulnerability.circl.lu/sighting/c3f261b5-5e77-4a38-b38d-4924c8d23990/export</link>
      <description>{"uuid": "c3f261b5-5e77-4a38-b38d-4924c8d23990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mqrglhi4kn2l", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-11386](https://ubuntu.com/security/CVE-2026-11386)\nAn input validation and injection vu...\nhttps://ubuntu.com/security/CVE-2026-11386 #PatchManagement #Vulnerability #CVE", "creation_timestamp": "2026-07-16T14:20:05.657622Z"}</description>
      <content:encoded>{"uuid": "c3f261b5-5e77-4a38-b38d-4924c8d23990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mqrglhi4kn2l", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-11386](https://ubuntu.com/security/CVE-2026-11386)\nAn input validation and injection vu...\nhttps://ubuntu.com/security/CVE-2026-11386 #PatchManagement #Vulnerability #CVE", "creation_timestamp": "2026-07-16T14:20:05.657622Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c3f261b5-5e77-4a38-b38d-4924c8d23990/export</guid>
      <pubDate>Thu, 16 Jul 2026 14:20:05 +0000</pubDate>
    </item>
    <item>
      <title>907d7baa-64f2-4453-83d0-85684fdfad4f</title>
      <link>https://vulnerability.circl.lu/sighting/907d7baa-64f2-4453-83d0-85684fdfad4f/export</link>
      <description>{"uuid": "907d7baa-64f2-4453-83d0-85684fdfad4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrehj3yns2w", "content": "CVE-2026-11386\nThe Canonical ubuntu-pro-client software can be tricked into installing malicious packages on Ubuntu servers, potentially allowing an attacker to execute code with root access. This issue affects preinstalled\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-16T13:42:04.871056Z"}</description>
      <content:encoded>{"uuid": "907d7baa-64f2-4453-83d0-85684fdfad4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11386", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrehj3yns2w", "content": "CVE-2026-11386\nThe Canonical ubuntu-pro-client software can be tricked into installing malicious packages on Ubuntu servers, potentially allowing an attacker to execute code with root access. This issue affects preinstalled\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-16T13:42:04.871056Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/907d7baa-64f2-4453-83d0-85684fdfad4f/export</guid>
      <pubDate>Thu, 16 Jul 2026 13:42:04 +0000</pubDate>
    </item>
  </channel>
</rss>
