{"vulnerability": "cve-2026-2606", "sightings": [{"uuid": "0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26064", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfcpz4of6f2d", "content": "", "creation_timestamp": "2026-02-20T18:21:43.076203Z"}, {"uuid": "ba0f0c8c-6eeb-4759-bc89-e1dcca1df921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfclwupnvg2s", "content": "", "creation_timestamp": "2026-02-20T17:08:52.461595Z"}, {"uuid": "8de742da-481b-4b3c-bcbe-47169eee5014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26068", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mepyec5pua2e", "content": "", "creation_timestamp": "2026-02-13T07:30:32.820825Z"}, {"uuid": "fe959bdd-a9fc-4bd8-8413-2d09fd1c4d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26065", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mfb4jx6nnq2r", "content": "", "creation_timestamp": "2026-02-20T03:00:33.035244Z"}, {"uuid": "59b85166-46cb-49a3-af00-cdb137bca3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26065", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116100722235795041", "content": "", "creation_timestamp": "2026-02-20T03:00:34.371349Z"}, {"uuid": "17c3860f-46e5-4d3e-a70f-7c91b035e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mfo4sud4lc2s", "content": "", "creation_timestamp": "2026-02-25T07:10:20.402962Z"}, {"uuid": "a5e2a055-72f6-4338-ade5-43b7b9651bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26064", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116101076184809379", "content": "", "creation_timestamp": "2026-02-20T04:30:32.164640Z"}, {"uuid": "70990ae6-966e-48c9-8a5c-4ddbc68a6822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26064", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mfbbkvt2aq2e", "content": "", "creation_timestamp": "2026-02-20T04:30:33.912675Z"}, {"uuid": "a4c2d7b8-4753-45c4-a067-9b4c00a9f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26066", "type": "seen", "source": "https://bsky.app/profile/flarestart.bsky.social/post/3mfmvxx6rzp2s", "content": "", "creation_timestamp": "2026-02-24T19:35:03.930807Z"}, {"uuid": "39feb4a3-4933-491f-998c-2ea402666654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26069", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mep77ylncm2m", "content": "", "creation_timestamp": "2026-02-13T00:00:45.197608Z"}, {"uuid": "5ff3530b-6d19-4755-a700-f6fb293a0f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26069", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116060379050409593", "content": "", "creation_timestamp": "2026-02-13T00:00:58.659586Z"}, {"uuid": "5cffd762-755c-45cf-8ecd-bbe4612aa978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26068", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116061853082631790", "content": "", "creation_timestamp": "2026-02-13T06:15:34.821876Z"}, {"uuid": "cb07ecdd-f0d3-4b39-9e14-a749491e8dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26061", "type": "seen", "source": "Telegram/HCzuKY5MuLPsfo_EI5S3ks6iQFEX7xEFL0kHnLhrHZ36Sb0", "content": "", "creation_timestamp": "2026-03-27T21:22:34.000000Z"}, {"uuid": "af32d518-132f-4975-a9d9-db0513a5d86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://gist.github.com/alon710/93497b272a1acc6d5d3838b0e2ce709a", "content": "", "creation_timestamp": "2026-02-25T01:08:07.000000Z"}, {"uuid": "72a96d4b-6b46-4b89-962a-dbdd2c1a0f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/116316841599408182", "content": "", "creation_timestamp": "2026-03-30T07:02:31.871776Z"}, {"uuid": "9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mienop6vtc27", "content": "", "creation_timestamp": "2026-03-31T17:01:00.359733Z"}, {"uuid": "bc9ad609-4e44-45cb-b6a0-18891d69249f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "published-proof-of-concept", "source": "Telegram/WxHgPFElWYDoFBGl3K0BVKfspuGbiR8geCdPJnxqtoWdxxM", "content": "", "creation_timestamp": "2026-03-31T17:24:25.000000Z"}, {"uuid": "aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://t.me/poxek/5938", "content": "\u041b\u043e\u0432\u0438\u0442\u0435 \u0432\u043a\u0443\u0441\u043d\u044b\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438\n#Calibre #Google #Ghost #GetSimple #ApacheVelocity #CVE\n\n\u25aa\ufe0f Calibre (CVE-2026-26065, CVSS 9.3) \u2014 path traversal \u0432 PDB-\u0440\u0438\u0434\u0435\u0440\u0430\u0445 Calibre, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043f\u0443\u0442\u0435\u0439 \u043f\u0440\u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e PDB-\u0444\u0430\u0439\u043b\u043e\u0432. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0431\u0435\u0437 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f. \u0418\u043c\u043f\u0430\u043a\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u043f\u0440\u0430\u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 Calibre \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445, DoS \u0438, \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u0445, \u043a RCE.\n\n\u25aa\ufe0f Google Cloud Vertex AI SDK for Python (CVE-2026-2472, CVSS 8.6) \u2014 stored XSS \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 GenAI/\u043e\u0446\u0435\u043d\u043e\u043a \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043f\u0430\u043a\u0435\u0442\u0430 google-cloud-aiplatform. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 JavaScript \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043c\u043e\u0434\u0435\u043b\u0438 \u0438\u043b\u0438 JSON-\u0434\u0430\u0442\u0430\u0441\u0435\u0442\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 \u0432 Jupyter/Colab. \u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JS \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0435\u0441\u0441\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0436\u0435 \u0442\u043e\u043a\u0435\u043d\u043e\u0432, \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0443 \u0441\u0435\u0441\u0441\u0438\u0438 \u0438\u043b\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\u043c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u25aa\ufe0f Ghost (CVE-2026-26980, CVSS 9.4) \u2014 SQLi \u0432 headless CMS Ghost, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u0430\u044f \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c Content API. \u0418\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438/\u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 slug \u0432 query string \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u0431\u0430\u0437\u044b (arbitrary read) \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0fGetSimple CMS (CVE-2026-27161, CVSS 8.7) \u2014 \u0437\u0430\u0449\u0438\u0442\u0430 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 (/data/, /backups/ \u0438 \u0434\u0440.) \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 .htaccess. \u041f\u0440\u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0438\u043b\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u043c AllowOverride \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Apache \u0437\u0430\u0449\u0438\u0442\u0430 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f authorization.xml \u0441 \u043a\u043b\u044e\u0447\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u0430\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0f WSO2 Identity Server (CVE-2025-12107, CVSS 7.2) \u2014 template injection \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c Velocity template engine (Apache Velocity). \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0448\u0430\u0431\u043b\u043e\u043d\u043d\u044b\u0439 \u043a\u043e\u0434. \u041f\u0440\u0438 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-24T06:48:10.000000Z"}]}