{"vulnerability": "cve-2026-2576", "sightings": [{"uuid": "75b0537a-28f9-4bad-9da1-e2d8bd46a426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2576", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mf4dfvkk7t2s", "content": "", "creation_timestamp": "2026-02-18T05:20:15.113659Z"}, {"uuid": "2f421a12-a7dc-41fe-a16a-d5ecfae985ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2576", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mf4dgh6zvt2v", "content": "", "creation_timestamp": "2026-02-18T05:20:33.856955Z"}, {"uuid": "9c0680be-17f9-483f-a703-61c3ce922d4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25761", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mehetze3mn22", "content": "", "creation_timestamp": "2026-02-09T21:20:08.059823Z"}, {"uuid": "d260e834-5697-46d9-8d8c-97d8430e1709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25761", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3meheu2azx225", "content": "", "creation_timestamp": "2026-02-09T21:20:09.816315Z"}, {"uuid": "8b7df230-9539-4163-8157-abcb50ecf4b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25762", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mea2bjntwk27", "content": "", "creation_timestamp": "2026-02-06T23:22:11.491575Z"}, {"uuid": "f4b72f23-c731-4cbf-8b7f-24ae88ac2d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-25763", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116028645772242625", "content": "", "creation_timestamp": "2026-02-07T09:30:31.872063Z"}, {"uuid": "c7cc772e-e24b-4d09-b10e-1686d573ea15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-25763", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3meb4bemilo2h", "content": "", "creation_timestamp": "2026-02-07T09:30:33.732058Z"}, {"uuid": "6676b104-6069-449c-b419-d09a05537e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25762", "type": "seen", "source": "https://gist.github.com/alon710/e2cbb4e3c7fdeb40d051c3d7c45483a1", "content": "", "creation_timestamp": "2026-02-08T00:40:06.000000Z"}, {"uuid": "c0b0b314-0d8c-42a9-9e09-6021409948dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25765", "type": "seen", "source": "https://gist.github.com/alon710/cacea6a42bc4c1130907055ca55331a4", "content": "", "creation_timestamp": "2026-02-09T21:10:05.000000Z"}, {"uuid": "dc08f11a-f2fa-4ae5-857e-3c116e1846bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhm53uchm32m", "content": "", "creation_timestamp": "2026-03-21T23:00:14.119413Z"}, {"uuid": "24b40cc5-67af-4827-878f-7912196c97f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wazuh-disponibile-poc-per-lo-sfruttamento-della-vulnerabilita-cve-2026-25769", "content": "", "creation_timestamp": "2026-03-23T08:47:39.000000Z"}, {"uuid": "35d5d656-4da6-428b-b977-f4fe665bc79c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhbr3s2tlc2n", "content": "", "creation_timestamp": "2026-03-17T19:58:50.067587Z"}, {"uuid": "3ea3414a-c9c5-430a-9f61-88598caadfc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-25769", "type": "confirmed", "source": "https://hakaisecurity.io/cve-2026-25769-rce-via-insecure-deserialization-in-wazuh-cluster-remote-command-execution-through-cluster-protocol/research-blog/", "content": "", "creation_timestamp": "2026-02-11T17:00:00.000000Z"}, {"uuid": "9bf30bda-456b-443d-9679-de59c3763bc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-25769", "type": "published-proof-of-concept", "source": "https://github.com/hakaioffsec/CVE-2026-25769/blob/main/exploit/poc.py", "content": "", "creation_timestamp": "2026-02-11T17:00:00.000000Z"}, {"uuid": "d985bdbc-424c-4079-be81-0d8339cbc771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "seen", "source": "https://t.me/GithubRedTeam/80092", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-25769\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xBlackash\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-13 08:58:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-25769\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-13T09:00:05.000000Z"}, {"uuid": "c89e73bb-ab4b-4d37-adfd-481b2c8fada3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2576", "type": "published-proof-of-concept", "source": "Telegram/rhvNMhDEQsDmbO42lBM1UZ6liv8Ut69COJccPHJCHHT9EeA", "content": "", "creation_timestamp": "2026-03-27T03:00:09.000000Z"}, {"uuid": "6cefb5f4-b4fa-4ea5-9287-a6fca13492a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "published-proof-of-concept", "source": "Telegram/rwxaLd9KWQTIgwCgLykDlCAjWpJJFXYvWELkEfFrjXC617U", "content": "", "creation_timestamp": "2026-04-05T15:00:08.000000Z"}, {"uuid": "b9da9d6b-e053-4818-b3d9-e252c3dd6e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/78926", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-25769\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a njeru-codes\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-05 11:45:52\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPOC for deserialization of untrusted data in wazuh leading to RCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-05T12:00:04.000000Z"}, {"uuid": "35768037-bf9f-4ab1-a4a7-772daf79c5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2576", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77409", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE_2026_2576_PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a SowatKheang\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-26 23:58:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-2576 \u2014 Business Directory Plugin SQLi PoC (Local Setup). Unauthenticated Time-Based Blind SQL Injection Business Directory Plugin for WordPress \u2264 6.4.21\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-27T00:00:04.000000Z"}, {"uuid": "c7cfa81d-e9ea-44ca-824a-50c3aa602a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25769", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3018", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 as_wazuh_object() \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u0433\u0440\u043e\u0437 Wazuh \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e DAPI-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-03319\nCVE-2026-25769\n\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e \u043f\u043e 1516 \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/wazuh/wazuh/releases\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.14.3 \u0438 \u0432\u044b\u0448\u0435", "creation_timestamp": "2026-03-18T14:47:42.000000Z"}, {"uuid": "4034773f-165d-4ce1-92c3-80cc5b248214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25765", "type": "seen", "source": "https://t.me/poxek/6119", "content": "Microsoft \u0441\u043d\u043e\u0432\u0430 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u043b, \u0447\u0442\u043e \u043d\u0430\u0448\u0430 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0441\u0430\u043c\u0430 \u043f\u043e \u0441\u0435\u0431\u0435 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0432\u043a\u0443\u0441\u043d\u044b\u0445 \u0446\u0435\u043b\u0435\u0439. CVE-2026-42897 \u0432 on-prem Exchange Server \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f: \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c The Hacker News \u0441\u043e \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 Microsoft, \u044d\u0442\u043e XSS/spoofing-\u0431\u0430\u0433 \u0441 CVSS 8.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0442\u0440\u0438\u0433\u0433\u0435\u0440\u0438\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e, \u0435\u0441\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u0430 \u043e\u0442\u043a\u0440\u043e\u0435\u0442 \u0435\u0433\u043e \u0432 Outlook Web Access. \u041f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c Exchange 2016, 2019 \u0438 Subscription Edition, \u0430 CISA \u0443\u0436\u0435 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 KEV.\n\n\u041d\u0430 \u0434\u0440\u0443\u0433\u043e\u043c \u043a\u043e\u043d\u0446\u0435 \u0441\u043f\u0435\u043a\u0442\u0440\u0430 - CVE-2026-25765 \u0432 Ruby Faraday. \u0415\u0441\u043b\u0438 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u0441\u0435\u0440\u0432\u0438\u0441 \u043d\u0430 Faraday \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 URL, build_exclusive_url \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.14.1 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043e\u0439\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 protocol-relative \u043f\u0443\u0442\u044c \u0432\u0438\u0434\u0430 //evil.com/path \u0438 \u0443\u0432\u0435\u0441\u0442\u0438 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0447\u0443\u0436\u043e\u0439 \u0445\u043e\u0441\u0442. \u042d\u0442\u043e \u0443\u0436\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0431\u0438\u0442\u044c \u043f\u043e \u0447\u0443\u0436\u0438\u043c \u0442\u0443\u043b\u0437\u0430\u043c, \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f\u043c, \u0441\u043a\u0430\u043d\u0435\u0440\u0430\u043c, webhook-\u043e\u0431\u0432\u044f\u0437\u043a\u0435 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0430\u043c\u0438 \u0445\u043e\u0434\u044f\u0442 \u043d\u0430\u0440\u0443\u0436\u0443. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0435\u0441\u0442\u044c \u0432 DailyCVE, \u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 advisory \u0438 \u0444\u0438\u043a\u0441 - \u0432 GitHub advisory \u0438 \u0440\u0435\u043b\u0438\u0437\u0435 2.14.1. \u0422\u043e\u043a \u0441\u0442\u0440\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442, \u0447\u0442\u043e DailyCVE \u0443\u043a\u0430\u0437\u0430\u043d\u043e High, \u043d\u043e \u0432 NVD/CNA \u0443 \u043d\u0435\u0433\u043e \u0441\u0435\u0439\u0447\u0430\u0441 CVSS 5.8 MEDIUM.\n\n\u0410 \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u0435\u043d \u0441\u043e\u0432\u0441\u0435\u043c \u043f\u0440\u044f\u043c\u043e\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \"\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445\", \u0442\u043e \u0432\u043e\u0442 \u043e\u043d: CVE-2026-45087 \u0432 dalfox. \u041f\u043e advisory GitHub, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0438 &lt;= 2.12.0, \u0430 \u0444\u0438\u043a\u0441 \u0432\u044b\u0448\u0435\u043b \u0432 2.13.0. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f: \u0432 server mode Dalfox \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u043b\u0443\u0448\u0430\u0435\u0442 0.0.0.0:6664, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 API key \u0431\u0435\u0437 \u044f\u0432\u043d\u043e\u0433\u043e --api-key, \u0430 \u0447\u0435\u0440\u0435\u0437 POST /scan \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u043a\u0438\u043d\u0443\u0442\u044c found-action \u0438 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f unauthenticated RCE \u043d\u0430 \u0445\u043e\u0441\u0442\u0435, \u0433\u0434\u0435 \u043a\u0440\u0443\u0442\u0438\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0435\u0440. \u0422\u043e \u0435\u0441\u0442\u044c \u043b\u043e\u043c\u0430\u044e\u0442 \u0443\u0436\u0435 \u043d\u0435 \u0446\u0435\u043b\u044c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0430 \u0441\u0430\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041e\u0442\u0441\u044e\u0434\u0430 \u0438 \u043e\u0447\u0435\u043d\u044c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u0441\u0434\u0432\u0438\u0433: \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u043e\u0432, \u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445. \u0415\u0441\u043b\u0438 \u0443 blue team \u0433\u043e\u0440\u0438\u0442 Exchange, \u0442\u043e \u0443 red team, \u0431\u0430\u0433\u0445\u0430\u043d\u0442\u0435\u0440\u043e\u0432 \u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u043e\u0440\u044f\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 HTTP-\u043a\u043b\u0438\u0435\u043d\u0442\u044b, \u043f\u0430\u0440\u0441\u0435\u0440\u044b, \u0441\u043a\u0430\u043d\u0435\u0440\u044b \u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u0432\u044b\u043a\u043b\u0438 \u0434\u043e\u0432\u0435\u0440\u044f\u0442\u044c \"\u043f\u043e\u0447\u0442\u0438 URL\" \u0438\u043b\u0438 \u043f\u043e\u0434\u043d\u0438\u043c\u0430\u0442\u044c \u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u0440\u0435\u0436\u0438\u043c \"\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e\". \u0412 2026 \u0433\u043e\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0431\u044c\u0435\u0442 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e \u0432\u0441\u0435\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0432\u043e\u043a\u0440\u0443\u0433 \u0446\u0435\u043b\u0438: \u043f\u043e \u043f\u043e\u0447\u0442\u0435, \u0430\u0433\u0435\u043d\u0442\u0430\u043c, \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f\u043c, \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0449\u0435\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c.\n\n\u0421 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u0443 \u043a\u043e\u043c\u0430\u043d\u0434 \u0437\u0430\u0449\u0438\u0442\u044b \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043f\u0440\u0438\u0431\u0430\u0432\u0438\u043b\u043e\u0441\u044c: \u0442\u0435\u043c\u043f \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 0day \u0441\u0435\u0439\u0447\u0430\u0441 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u043f\u043e\u0447\u0442\u0438 \u0431\u0435\u0437\u0443\u043c\u043d\u044b\u043c, \u0438 \u0435\u0449\u0435 \u043f\u0430\u0440\u0443 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0442\u0430\u043a\u043e\u0439 \u043f\u043b\u043e\u0442\u043d\u043e\u0441\u0442\u0438 \u0442\u0440\u0443\u0434\u043d\u043e \u0431\u044b\u043b\u043e \u043e\u0436\u0438\u0434\u0430\u0442\u044c. \u0414\u043b\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0433\u043e\u043d\u043a\u0430 \u0442\u043e\u0436\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0431\u043e\u0441\u0442\u0440\u044f\u0435\u0442\u0441\u044f: \u043a\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u043c \u043d\u0430\u0439\u0434\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0440\u043e\u0432\u043d\u044f CVSS 9.8, \u0443\u0441\u043f\u0435\u0435\u0442 \u0441\u0434\u0430\u0442\u044c \u0435\u0435 \u0432 bug bounty \u0438\u043b\u0438 \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u0434\u043b\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0430, \u0442\u043e\u0442 \u0438 \u0441\u043d\u0438\u043c\u0430\u0435\u0442 \u0441\u043b\u0438\u0432\u043a\u0438.", "creation_timestamp": "2026-05-18T15:58:50.000000Z"}, {"uuid": "e4cf851c-9a28-439a-aa8e-b7a9b26448ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-25766", "type": "published-proof-of-concept", "source": "https://github.com/labstack/echo/security/advisories/GHSA-pgvm-wxw2-hrv9", "content": "", "creation_timestamp": "2026-02-17T15:04:59.000000Z"}, {"uuid": "f7cf80c3-5ed6-4435-83ab-9d388ee59680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-25760", "type": "published-proof-of-concept", "source": "https://github.com/BishopFox/sliver/security/advisories/GHSA-2286-hxv5-cmp2", "content": "", "creation_timestamp": "2026-02-05T21:01:55.000000Z"}]}