{"vulnerability": "cve-2026-35482", "sightings": [{"uuid": "df5ae072-0317-47e5-b162-b760c9967e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35482", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndsk2lvzu22", "content": "\ud83d\udfe0 CVE-2026-35482 - High (8)\n\nalf.io is an open source ticket reservation system for conferences, trade shows, workshops, and m...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-35482/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:01:11.832690Z"}, {"uuid": "4081ff5e-9244-48ef-9d74-ac31f4c7093b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35482", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3lqz6f62q", "content": "CVE-2026-35482 - alf.io has an Authenticated RCE via Extension Script Sandbox Escape\nCVE ID : CVE-2026-35482\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : alf.io is an open source ticket reservation system for conferences, trade shows, work...", "creation_timestamp": "2026-06-03T02:43:11.907566Z"}, {"uuid": "c3276347-55b4-436d-b422-e6125b736edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35482", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mneblm5uge2d", "content": "alf.io HIGH severity vuln (CVE-2026-35482): Authenticated admins can escape JS sandbox & run OS commands. Upgrade to 2.0-M5-2606 to stay secure! https://radar.offseq.com/threat/cve-2026-35482-cwe-863-incorrect-authorization-in--7701fe0c #OffSeq #Vulnerability #Security", "creation_timestamp": "2026-06-03T04:30:30.424653Z"}, {"uuid": "c7c5820a-e070-4e1c-9e83-db67e04f2ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35482", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116684293866333535", "content": "\ud83d\udee1\ufe0f HIGH severity: CVE-2026-35482 in alf.io (<2.0-M5-2606) lets authenticated admins escape the Rhino JS sandbox and execute OS commands via Java reflection. Upgrade to 2.0-M5-2606 now! https://radar.offseq.com/threat/cve-2026-35482-cwe-863-incorrect-authorization-in--7701fe0c #OffSeq #Vulnerability #alfio #Security", "creation_timestamp": "2026-06-03T04:30:37.678921Z"}]}