{"vulnerability": "CVE-2026-4718", "sightings": [{"uuid": "bfaaf389-63e5-4dfc-8c6c-335888707482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn34f42qcq2r", "content": "CVE-2026-47187, CVE-2026-48711: sshfs", "creation_timestamp": "2026-05-30T13:03:24.621529Z"}, {"uuid": "ec3a706b-0d64-4703-aafe-2d118ef8d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/116663533676457323", "content": "CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/writeSeverity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)CWE: CWE-59 (Improper Link Resolution Before File Access)\nA rogue SFTP server can return symlink targets (absolute paths or relative \"../../../\" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary \"cp\" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.\nhttps://www.openwall.com/lists/oss-security/2026/05/30/3\n#CVE_2026_47187", "creation_timestamp": "2026-05-30T12:30:53.342192Z"}, {"uuid": "f61d0788-abf4-4013-be5f-8a96751c1b37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4718", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mhu7d6hbhv2w", "content": "", "creation_timestamp": "2026-03-25T04:01:27.583836Z"}]}