{"vulnerability": "CVE-2026-4100", "sightings": [{"uuid": "0bc554f2-b39a-47ce-b12c-ad1e59ed3b37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlaimg64462k", "content": "CVE-2026-41002 - Spring Cloud Config Git Repository TOCTOU Vulnerability\nCVE ID : CVE-2026-41002\n \n Published : May 7, 2026, 3:53 a.m. | 31\u00a0minutes ago\n \n Description : The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clon...", "creation_timestamp": "2026-05-07T05:35:10.661072Z"}, {"uuid": "58d89070-377d-4d59-b891-24e07f3bbe9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41004", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlakplsqy52v", "content": "CVE-2026-41004 - Spring Cloud Config: Information Disclosure through Trace Logging\nCVE ID : CVE-2026-41004\n \n Published : May 7, 2026, 3:51 a.m. | 33\u00a0minutes ago\n \n Description : When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plai...", "creation_timestamp": "2026-05-07T06:12:44.558474Z"}, {"uuid": "5c087124-999c-4dad-8db8-0b1ec15c84ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41002", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlbh3arwaw2e", "content": "\ud83d\udd17 CVE : CVE-2026-40981, CVE-2026-40982, CVE-2026-41002, CVE-2026-41004", "creation_timestamp": "2026-05-07T14:40:20.558435Z"}, {"uuid": "902f12d6-ca8a-4462-aca8-e85146dca4f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41004", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlbh3arwaw2e", "content": "\ud83d\udd17 CVE : CVE-2026-40981, CVE-2026-40982, CVE-2026-41002, CVE-2026-41004", "creation_timestamp": "2026-05-07T14:40:20.722675Z"}, {"uuid": "1add11f9-d011-440f-8b21-927e05f9a27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41002", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-431", "content": "", "creation_timestamp": "2026-05-07T06:48:23.000000Z"}, {"uuid": "5f615537-bd45-4d1c-a25c-752821bbb6b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41002", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-spring-cloud-config", "content": "", "creation_timestamp": "2026-05-07T07:29:50.000000Z"}, {"uuid": "be5abccc-dbb9-43b6-bbc4-0e7cffa8bcca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41004", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-spring-cloud-config", "content": "", "creation_timestamp": "2026-05-07T07:29:50.000000Z"}, {"uuid": "82feaa8b-a76e-477d-9fad-dde312b1885b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4100", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mlxp2p5ko22h", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-4100 Paid Memberships\u00a0Pro\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\nPaid Memberships Pro\u30d7\u30e9\u30b0\u30a4\u30f3\u306f\u3001\u3059\u3079\u3066\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\uff083.6.5\u3092\u542b\u3080\uff09\u306b\u304a\u3044\u3066\u3001Stripe webhook\u306e\u8a2d\u5b9a\u304c\u4e0d\u6b63\u306b\u5909\u66f4\u3055\u308c\u308b\u8106\u5f31\u6027\u3092\u62b1\u3048\u3066\u3044\u307e\u3059\u3002", "creation_timestamp": "2026-05-16T11:02:08.797878Z"}, {"uuid": "aaff4eea-e638-4de2-a6e5-d54aac6b71bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41009", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmt6mzraeh2k", "content": "CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes\nCVE ID : CVE-2026-41009\n \n Published : May 27, 2026, 8:16 a.m. | 15\u00a0minutes ago\n \n Description : When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by Agen...", "creation_timestamp": "2026-05-27T09:22:20.219393Z"}, {"uuid": "4026d5b8-3b1c-467a-a083-054b762af883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41007", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mntq6af5ab2n", "content": "\ud83d\udfe0 CVE-2026-41007 - High (7.5)\n\nSpring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attac...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41007/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-09T08:01:23.707676Z"}, {"uuid": "98262acb-bffa-421f-9758-401bc57f057e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41006", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnttir6rsy26", "content": "\ud83d\udfe0 CVE-2026-41006 - High (7.5)\n\nSpring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41006/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-09T09:00:58.807669Z"}, {"uuid": "2c325f98-8a13-40fc-9b6e-41de1c9626fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41003", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvt6vxdwr24", "content": "\ud83d\udfe0 CVE-2026-41003 - High (7.6)\n\nAn attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary cod...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41003/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-10T04:00:47.809658Z"}, {"uuid": "7bb0c5a9-cf5a-4783-8f0e-af09c2aaba79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41001", "type": "seen", "source": "https://bsky.app/profile/0.5ritter.de/post/3mnymx7g2722u", "content": "Spring Boot 3.5.15 available now\n\nspring.io/blog/2026/06...\n\nThis release addresses the following CVEs:\n\n* CVE-2026-40992 \"Mail Auto-Configuration Does Not Enable SSL Hostname Verification\"\n* CVE-2026-41001 \"Predictable Temp Directory in Artemis Auto-configuration\"\n\n#java #spring #springboot", "creation_timestamp": "2026-06-11T06:47:07.173909Z"}, {"uuid": "068170c2-12c0-4209-9416-dda11bc4b6bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41001", "type": "seen", "source": "https://bsky.app/profile/0.5ritter.de/post/3mnyn2l2qo22u", "content": "Spring Boot 4.0.7 available now\n\nspring.io/blog/2026/06...\n\nThis release addresses the following CVEs:\n\n* CVE-2026-40992 \"Mail Auto-Configuration Does Not Enable SSL Hostname Verification\"\n* CVE-2026-41001 \"Predictable Temp Directory in Artemis Auto-configuration\"\n\n#java #spring #springboot", "creation_timestamp": "2026-06-11T06:49:09.603113Z"}, {"uuid": "d65b94a5-e678-47df-bda4-331d2b7f03a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41000", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaoi3n5f2d", "content": "\ud83d\udd17 CVE : CVE-2026-40985, CVE-2026-40986, CVE-2026-40987, CVE-2026-40992, CVE-2026-40994, CVE-2026-40995, CVE-2026-40996, CVE-2026-40997, CVE-2026-40998, CVE-2026-40999, CVE-2026-41000, CVE-2026-41862", "creation_timestamp": "2026-06-11T12:40:07.835921Z"}, {"uuid": "9fffe5ed-8ba1-480c-bc62-bae31f313652", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41005", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moban2bf3u2c", "content": "\ud83d\udd34 CVE-2026-41005 - Critical (9)\n\nCloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41005/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T17:00:36.824456Z"}, {"uuid": "5df30ba5-8995-46d2-87fb-4165ad6a270f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41001", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mofrmmqg672x", "content": "\ud83d\udd17 CVE : CVE-2026-41001, CVE-2026-41699, CVE-2026-41700, CVE-2026-41856", "creation_timestamp": "2026-06-16T12:15:14.515422Z"}, {"uuid": "cf4a1f6d-7693-4d76-a9ee-c13ab361ec0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41003", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mombbn42ys2n", "content": "Spring Security\u3068Spring WS\u304cXSS\u30fbSSRF\u30fbXXE\u30fbBSP\u691c\u8a3c\u30d0\u30a4\u30d1\u30b9\u3092\u542b\u3080\u8907\u6570\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63(CVE-2026-41003,CVE-2026-40999)\u4ed6\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-19T02:11:28.280293Z"}]}