{"vulnerability": "cve-2026-23734", "sightings": [{"uuid": "128f0773-8983-442d-a46d-7af7b61fbe93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-23734", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116612099529875004", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-23734 in XWiki Platform (xwiki-commons) allows unauthenticated path traversal \u2014 attackers can read config files via crafted 'resource' parameters. Patch to 18.1.0-rc-1, 17.10.3, 17.4.9, or 16.10.17+ now! https://radar.offseq.com/threat/cve-2026-23734-cwe-23-relative-path-traversal-in-x-16518aab #OffSeq #xwiki #vuln", "creation_timestamp": "2026-05-21T10:30:29.608958Z"}, {"uuid": "135be95b-bcc3-4d8c-a418-348b2c16b518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-23734", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mme7ngimaj23", "content": "CRITICAL: XWiki xwiki-commons path traversal lets attackers read config files unauthenticated. Affects <18.1.0-rc-1, <17.10.3, <17.4.9, <16.10.17. Patch immediately! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-23734-cwe-23-relative-path-traversal-in-x-16518aab #OffSeq #xwiki #security", "creation_timestamp": "2026-05-21T10:30:32.051692Z"}]}