https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 04 Jun 2026 02:59:04 +0000 https://vulnerability.circl.lu/sighting/d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10/export {"uuid": "d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42359", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nw4nzo32u", "content": "CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint \u2014 XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator", "creation_timestamp": "2026-05-31T13:22:28.619981Z"} {"uuid": "d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42359", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nw4nzo32u", "content": "CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint \u2014 XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator", "creation_timestamp": "2026-05-31T13:22:28.619981Z"} https://vulnerability.circl.lu/sighting/d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10/export Sun, 31 May 2026 13:22:28 +0000 https://vulnerability.circl.lu/sighting/e5a23430-65cc-44d5-968f-a893605c30c1/export {"uuid": "e5a23430-65cc-44d5-968f-a893605c30c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mn7urgkev32g", "content": "Apache Airflow 3.2.0 has a CRITICAL XCom PATCH deserialization bug (CVE-2026-42359). Authenticated users with write rights risk RCE. Upgrade to 3.2.2+ and restrict permissions. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #Vuln", "creation_timestamp": "2026-06-01T10:30:27.322316Z"} {"uuid": "e5a23430-65cc-44d5-968f-a893605c30c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mn7urgkev32g", "content": "Apache Airflow 3.2.0 has a CRITICAL XCom PATCH deserialization bug (CVE-2026-42359). Authenticated users with write rights risk RCE. Upgrade to 3.2.2+ and restrict permissions. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #Vuln", "creation_timestamp": "2026-06-01T10:30:27.322316Z"} https://vulnerability.circl.lu/sighting/e5a23430-65cc-44d5-968f-a893605c30c1/export Mon, 01 Jun 2026 10:30:27 +0000 https://vulnerability.circl.lu/sighting/f9b3e178-12cf-470b-9440-113ce4e3a821/export {"uuid": "f9b3e178-12cf-470b-9440-113ce4e3a821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116674384679698884", "content": "\ud83d\udea9 CVE-2026-42359 (CRITICAL): Apache Airflow 3.2.0 XCom PATCH deserialization flaw enables authenticated users with XCom write to execute code remotely. Upgrade to 3.2.2+ to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #RCE #Security", "creation_timestamp": "2026-06-01T10:30:34.741044Z"} {"uuid": "f9b3e178-12cf-470b-9440-113ce4e3a821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116674384679698884", "content": "\ud83d\udea9 CVE-2026-42359 (CRITICAL): Apache Airflow 3.2.0 XCom PATCH deserialization flaw enables authenticated users with XCom write to execute code remotely. Upgrade to 3.2.2+ to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #RCE #Security", "creation_timestamp": "2026-06-01T10:30:34.741044Z"} https://vulnerability.circl.lu/sighting/f9b3e178-12cf-470b-9440-113ce4e3a821/export Mon, 01 Jun 2026 10:30:34 +0000