{"vulnerability": "CVE-2026-4820", "sightings": [{"uuid": "505fdd0a-6862-478b-be0d-45ef1e6d0f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4820", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mihpusgg5427", "content": "", "creation_timestamp": "2026-04-01T22:18:11.104312Z"}, {"uuid": "c5920a12-d53f-4ac8-b789-8cd885c130d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48207", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmf7jhprdt2n", "content": "\ud83d\udd34 CVE-2026-48207 - Critical (9.8)\n\nDeserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass d...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48207/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-21T20:01:11.098097Z"}, {"uuid": "c28ad8fc-0eb6-4761-828a-5044405ed670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48207", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmfctgmtcc26", "content": "Apache Fory <1.0.0 hit by CRITICAL deserialization bug \u2014 attackers could bypass validation and execute code if strict mode is off. Upgrade to 1.0.0+ now! \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-48207-cwe-502-deserialization-of-untruste-97a80f2c #OffSeq #CVE202648207 #AppSec", "creation_timestamp": "2026-05-21T21:00:13.889401Z"}, {"uuid": "0a2c81d8-eb2a-461a-bde5-39a13bd9d325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48207", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmewkfjyo22j", "content": "CVE-2026-48207: Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement", "creation_timestamp": "2026-05-21T17:20:27.138375Z"}, {"uuid": "ba7b4708-6638-4699-ab10-d730259bcf45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48207", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116614575641457628", "content": "\ud83d\udea8 CRITICAL: CVE-2026-48207 in Apache Fory <1.0.0 \u2014 Deserialization flaw in PyFory ReduceSerializer bypasses DeserializationPolicy, risking RCE if strict mode is off. Upgrade to 1.0.0+ ASAP! https://radar.offseq.com/threat/cve-2026-48207-cwe-502-deserialization-of-untruste-97a80f2c #OffSeq #CVE202648207 #Vulnerability #ApacheFory", "creation_timestamp": "2026-05-21T21:00:19.017391Z"}, {"uuid": "d5fa70bc-63b8-433d-b452-1bab1dcf3ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48207", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmf4gxjw3k2o", "content": "CVE-2026-48207 - Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement\nCVE ID : CVE-2026-48207\n \n Published : May 21, 2026, 5:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could ...", "creation_timestamp": "2026-05-21T19:05:52.589410Z"}]}