{"vulnerability": "CVE-2026-4944", "sightings": [{"uuid": "e099f20a-359b-4618-93b4-f83f88b13ca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4944", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwss4nokb2g", "content": "\ud83d\udfe0 CVE-2026-4944 - High (8.8)\n\nvllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` para...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4944/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T20:01:05.803403Z"}, {"uuid": "b779ae8c-aba6-4d5f-bded-79e4042b15ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4944", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwxykvxhb2i", "content": "CVE-2026-4944 - Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control\nCVE ID : CVE-2026-4944\n \n Published : May 28, 2026, 7:16 p.m. | 1\u00a0hour, 15\u00a0minutes ago\n \n Description : vllm-project/vllm version 0.14.1 contains a vulnerability where the `tru...", "creation_timestamp": "2026-05-28T21:34:10.021945Z"}, {"uuid": "f275ddf1-f851-4846-aca3-4357ddcf31d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndrhe3k6f2d", "content": "CVE-2026-49448 - authentik: SourceStage bypass via empty POST\nCVE ID : CVE-2026-49448\n \n Published : June 2, 2026, 9:16 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source...", "creation_timestamp": "2026-06-02T23:41:46.580822Z"}, {"uuid": "92ff029d-b1de-4189-aadc-a10020a742f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnilgaxbpr2s", "content": "\ud83d\udccc CVE-2026-49448 - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an emp... https://www.cyberhub.blog/cves/CVE-2026-49448", "creation_timestamp": "2026-06-04T21:37:06.219447Z"}, {"uuid": "94f3f074-fdce-4cce-94b6-982a44d7bda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49443", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndlslsoje2q", "content": "\ud83d\udfe0 CVE-2026-49443 - High (8.8)\n\nauthentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5....\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49443/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-02T22:00:52.437444Z"}, {"uuid": "f1aa93b7-dcbb-4533-9f16-cc2529dea8b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndlst2fsr22", "content": "\ud83d\udd34 CVE-2026-49448 - Critical (9.8)\n\nauthentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5....\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49448/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-02T22:00:55.385911Z"}, {"uuid": "7909b522-2441-4e79-80f7-62acd5a63512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mndpfsttse2i", "content": "CVE-2026-49448 - Critical authentication bypass in Authentik. Sending an empty POST bypasses the Source stage. CVSS 9.8. Update to 2025.12.6, 2026.2.4, or 2026.5.1 immediately. #CVE #Authentik #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-49448/", "creation_timestamp": "2026-06-02T23:05:07.824942Z"}, {"uuid": "ee5aeed4-b1cd-4f22-9e6f-8e81e550d337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49443", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndqvbhnqd2d", "content": "CVE-2026-49443 - authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API\nCVE ID : CVE-2026-49443\n \n Published : June 2, 2026, 9:16 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. Prio...", "creation_timestamp": "2026-06-02T23:31:39.883498Z"}, {"uuid": "d5a9c870-fb04-46be-94ff-d1d8ead4a8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49443", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mniqh7zbwt2f", "content": "\ud83d\udccc CVE-2026-49443 - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source co... https://www.cyberhub.blog/cves/CVE-2026-49443", "creation_timestamp": "2026-06-04T23:07:07.328479Z"}]}