{"vulnerability": "CVE-2026-44547", "sightings": [{"uuid": "2a14759e-b308-41ac-9add-b1d269ca90f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44547", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116564324244482665", "content": "\ud83d\udea8 CVE-2026-44547: CRITICAL improper authentication in ChurchCRM 7.2.0 \u2013 7.3.0 (CVSS 9.6). Low-priv attackers can bypass auth and compromise data. Upgrade to 7.3.1 urgently! https://radar.offseq.com/threat/cve-2026-44547-cwe-287-improper-authentication-in--0654119a #OffSeq #ChurchCRM #Vuln #infosec", "creation_timestamp": "2026-05-13T00:00:38.052582Z"}, {"uuid": "b0b6d343-3447-40cf-b92a-c9cbe296430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44547", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mloypqjnid2d", "content": "CRITICAL: ChurchCRM 7.2.0 \u2013 7.3.0 has a major auth flaw (CVE-2026-44547, CVSS 9.6). Attackers can fully compromise data \u2014 upgrade to 7.3.1 now! \ud83d\udd11 https://radar.offseq.com/threat/cve-2026-44547-cwe-287-improper-authentication-in--0654119a #OffSeq #ChurchCRM #security", "creation_timestamp": "2026-05-13T00:00:39.042964Z"}, {"uuid": "92dbb930-75ae-434a-8369-8784d926200c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7gkadlq2v", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : ChurchCRM is an open-source churc...", "creation_timestamp": "2026-05-13T02:00:45.882500Z"}, {"uuid": "5950661e-ae43-49e8-bd07-88fc193f1584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7yh4nla2i", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church...", "creation_timestamp": "2026-05-13T02:10:46.573881Z"}, {"uuid": "48e2f0e2-ce7a-4c8d-9919-f110fc1085cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpdczvqto2g", "content": "\ud83d\udd34 CVE-2026-44547 - Critical (9.6)\n\nChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44547/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:10:23.757397Z"}]}