{"vulnerability": "CVE-2026-31852", "sightings": [{"uuid": "d624c17a-92ea-4102-961a-1a1176bf60ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31852", "type": "seen", "source": "https://infosec.exchange/users/mttaggart/statuses/116240425532826680", "content": "", "creation_timestamp": "2026-03-16T19:08:55.464381Z"}, {"uuid": "73e7afb7-4074-4afa-98c2-5e285dc0bcc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31852", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmcip2b7x72f", "content": "CVE-2026-31852 - Critical supply chain attack in Jellyfin iOS. GitHub Actions workflow allows repo takeover, secret exfiltration, and App Store poisoning. CVSS 10. UNPATCHED. Disable workflow immediately. #CVE #jellyfin #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-31852/", "creation_timestamp": "2026-05-20T18:07:09.531198Z"}, {"uuid": "5b2fe20f-9f57-426e-8fb1-57608bcceaf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31852", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhj3uisym32m", "content": "", "creation_timestamp": "2026-03-20T18:00:14.272175Z"}]}