{"vulnerability": "CVE-2026-42193", "sightings": [{"uuid": "ee218e6b-03d2-4709-b6bc-f6774727d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n", "content": "\ud83d\udd34 CVE-2026-42193 - Critical (9.1)\n\nPlunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webh...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42193/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T22:28:32.583927Z"}, {"uuid": "e3523dcc-2f32-43cc-aef2-0afd1e502891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p", "content": "CVE-2026-42193 - Plunk: SNS webhook forgery\nCVE ID : CVE-2026-42193\n \n Published : May 8, 2026, 9:12 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon...", "creation_timestamp": "2026-05-08T22:36:49.958032Z"}, {"uuid": "a1d9a474-83ad-4c33-844f-0f856fa5ff1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116543444093952130", "content": "\ud83d\udea8 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 \u2014 verify your version & check vendor advisory. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #Vuln #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:30.998419Z"}, {"uuid": "99831c94-f9e8-4d37-9d0c-6fc1a172c63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfpykd4vo2v", "content": "CRITICAL vuln in Plunk (useplunk) < 0.9.0: SNS signatures not verified, allowing spoofed webhook abuse. Patched in 0.9.0 \u2014 confirm your version with vendor. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:33.624314Z"}]}