{"vulnerability": "CVE-2026-4858", "sightings": [{"uuid": "4cf49d92-dbe6-4c90-ac68-65cfa55bfa24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4858", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmeiipwgex2o", "content": "CVE-2026-4858 - Path traversal in integration action URL leading to arbitrary API execution via system admin\u2019s auth token.\nCVE ID : CVE-2026-4858\n \n Published : May 21, 2026, 9:16 a.m. | 3\u00a0hours, 1\u00a0minute ago\n \n Description : Mattermost versions 11.6.x <= 11.6.0, 11.5.x &lt...", "creation_timestamp": "2026-05-21T13:09:09.087377Z"}, {"uuid": "2b0c703a-6dd4-4408-850a-608a475b9b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4858", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmeep2dusz2k", "content": "\ud83d\udfe0 CVE-2026-4858 - High (8)\n\nMattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4858/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-21T12:00:55.584789Z"}, {"uuid": "9040264f-fdab-416d-9f39-a8c82b3c4573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4858", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-mattermost", "content": "", "creation_timestamp": "2026-05-19T00:51:14.000000Z"}, {"uuid": "4d2e5e5a-149b-483c-ac67-7d8d73bafae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48589", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqmvsowud2x", "content": "CVE-2026-48589: Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow", "creation_timestamp": "2026-05-26T08:59:47.812640Z"}]}