{"vulnerability": "CVE-2026-42605", "sightings": [{"uuid": "a786bfd1-d990-4433-a393-431403c4f3ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42605", "type": "published-proof-of-concept", "source": "https://github.com/AzuraCast/AzuraCast/security/advisories/GHSA-vp2f-cqqp-478j", "content": "", "creation_timestamp": "2026-04-23T19:32:57.000000Z"}, {"uuid": "a3458e25-6fa6-415d-b3b9-17d24acca5e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42605", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5a355gx2c", "content": "\ud83d\udfe0 CVE-2026-42605 - High (8.8)\n\nAzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42605/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T21:00:03.830846Z"}, {"uuid": "23298f63-85d5-4ec7-8eaf-d5d238235cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42605", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh5vf4kxk2i", "content": "CVE-2026-42605 - AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload\nCVE ID : CVE-2026-42605\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : AzuraCast is a self-hosted, all-in-one web radio management...", "creation_timestamp": "2026-05-09T21:11:58.350587Z"}, {"uuid": "c6b65a0a-96f8-4fe7-9890-5a5b1e154047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42605", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm42iqsm2g26", "content": "\ud83d\udccc CVE-2026-42605 - AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js medi... https://www.cyberhub.blog/cves/CVE-2026-42605", "creation_timestamp": "2026-05-18T04:37:07.956996Z"}]}