{"vulnerability": "CVE-2026-44986", "sightings": [{"uuid": "20ffc410-6524-4514-bd25-b88f4ff7f258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqp2zwwfih2x", "content": "CVE-2026-44986 - penpot\nPenpot, a design tool, had a security weakness that allowed a registered user to take over any non-blocked account by using an invitation token. This meant that an attacker could gain access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#penpot #CVE #infosec", "creation_timestamp": "2026-07-15T15:48:05.820266Z"}, {"uuid": "58cca795-a2ad-4e76-b332-51fb4c3cc78c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqqurwh7u42e", "content": "CVE-2026-44986 - Critical Auth Bypass in Penpot. CVSS 9.9. Attackers can hijack any non-blocked account. Update to 2.14.5 immediately. #CVE #infosec #Penpot\n\nhttps://www.valtersit.com/cve/CVE-2026-44986/", "creation_timestamp": "2026-07-16T09:01:34.285999Z"}, {"uuid": "a8d00df6-3e1b-4d99-8fdc-fe445afc4109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116928840317268735", "content": "CVE-2026-44986 - Critical Auth Bypass in Penpot. CVSS 9.9. Attackers can hijack any non-blocked account. Update to 2.14.5 immediately. #CVE #infosec #Penpot\nhttps://www.valtersit.com/cve/CVE-2026-44986/", "creation_timestamp": "2026-07-16T09:01:50.850421Z"}]}