{"vulnerability": "cve-2026-4007", "sightings": [{"uuid": "cdf1aca5-97e3-4165-b49a-0e2b8a32a672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40070", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mjbxl3odz525", "content": "", "creation_timestamp": "2026-04-12T08:45:09.168861Z"}, {"uuid": "0d91588e-1c16-4c3e-9a09-6a1b691a7245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4007", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mgu4b7pk5b27", "content": "", "creation_timestamp": "2026-03-12T09:41:26.271207Z"}, {"uuid": "94633fdc-e2e1-4c4f-9695-2293c24ffe53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4007", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mikdsjjbkp2i", "content": "", "creation_timestamp": "2026-04-02T23:20:09.184131Z"}, {"uuid": "9457ce28-f0c1-4448-be11-87cb324a2050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40070", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj3pamnqlh2t", "content": "", "creation_timestamp": "2026-04-09T21:00:08.721791Z"}, {"uuid": "779a3d9a-cf3b-4feb-bd3d-846d66ac90ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40074", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5w7xuhhv2g", "content": "", "creation_timestamp": "2026-04-10T18:10:22.742083Z"}, {"uuid": "235b2e4c-52b9-4c6d-b08f-fce77478987e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5wg7dchc2z", "content": "", "creation_timestamp": "2026-04-10T18:13:51.983722Z"}, {"uuid": "cba24ef7-240d-4535-b666-95bd6cfeaa48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4007", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mgtz4v6fcr27", "content": "", "creation_timestamp": "2026-03-12T08:45:19.987779Z"}, {"uuid": "8ade4530-b21a-497b-b35a-2e5ba47402bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40070", "type": "seen", "source": "Telegram/Y2UpQC9zCL6PqNfAxsSoQJ7YUumR5oW0JI3RILB7SgtOVH4", "content": "", "creation_timestamp": "2026-04-09T19:23:14.000000Z"}, {"uuid": "d421c09a-aec4-408d-9802-2200016c31d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40074", "type": "published-proof-of-concept", "source": "Telegram/mxR_Bklpz2ezfl_HBxeq5ePFUKdKDD_SnK62KfKWabwlXIo", "content": "", "creation_timestamp": "2026-04-15T23:25:26.000000Z"}, {"uuid": "ef843462-9778-4665-96e0-cc692ca3370e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40073", "type": "published-proof-of-concept", "source": "Telegram/KfGKsJKmMisviQyzRxPu6tVP9U_plbeA33H-GctVC-uIg4Q", "content": "", "creation_timestamp": "2026-04-10T19:31:07.000000Z"}, {"uuid": "cf72115d-1e53-45d3-95c0-6dc8855f0f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40072", "type": "published-proof-of-concept", "source": "https://github.com/ApeWorX/web3.py/security/advisories/GHSA-5hr4-253g-cpx2", "content": "", "creation_timestamp": "2026-04-02T20:31:30.000000Z"}, {"uuid": "bd6c3c5e-d4c3-4311-b99d-5a33097a8ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40076", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116530350683018033", "content": "\ud83d\udea8 CRITICAL OpenMRS Core vuln: Path traversal (CVE-2026-40076, CVSS 9.4) lets auth users upload .omod files to gain RCE via crafted ZIPs. Affects \u22642.7.8, 2.8.0 \u2013 2.8.5. Upgrade to 2.7.9/2.8.6+ now! https://radar.offseq.com/threat/cve-2026-40076-cwe-22-improper-limitation-of-a-pat-ec2c9c3f #OffSeq #OpenMRS #Vuln", "creation_timestamp": "2026-05-07T00:00:41.163140Z"}, {"uuid": "66a2c7a6-7f88-4620-bac6-15b0a523737d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40076", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml7vwe264u2v", "content": "OpenMRS Core (\u22642.7.8, 2.8.0 \u2013 2.8.5) faces a CRITICAL path traversal flaw (CVSS 9.4). Auth users with upload rights risk enabling remote code exec. Upgrade to 2.7.9 or 2.8.6+ now! https://radar.offseq.com/threat/cve-2026-40076-cwe-22-improper-limitation-of-a-pat-ec2c9c3f #OffSeq #OpenMRS #Vuln", "creation_timestamp": "2026-05-07T00:00:43.192678Z"}, {"uuid": "a0ddc48c-9e73-4ed7-9fe1-5e2aa3b1d15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40076", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mla3nzybkm2p", "content": "CVE-2026-40076 - OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload\nCVE ID : CVE-2026-40076\n \n Published : May 6, 2026, 8:16 p.m. | 4\u00a0hours, 4\u00a0minutes ago\n \n Description : OpenMRS Core is an open source electronic medical record system platform....", "creation_timestamp": "2026-05-07T01:43:26.339588Z"}, {"uuid": "0923ea7d-dd8c-40f7-ae5a-fd3930197347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40070", "type": "published-proof-of-concept", "source": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j", "content": "", "creation_timestamp": "2026-04-08T21:00:05.000000Z"}, {"uuid": "bb47e337-b09c-4d9f-85d1-a50e39c7bf51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40077", "type": "published-proof-of-concept", "source": "https://github.com/henrygd/beszel/security/advisories/GHSA-5f5r-95pg-xrpm", "content": "", "creation_timestamp": "2026-04-09T17:40:19.000000Z"}, {"uuid": "fb09d8d2-9660-412b-b3f5-8c906690e5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40075", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml5kbzoxeb2e", "content": "CVE-2026-40075 - OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet\nCVE ID : CVE-2026-40075\n \n Published : May 5, 2026, 10:16 p.m. | 2\u00a0hours, 6\u00a0minutes ago\n \n Description : OpenMRS Core is an open source electronic medical record system platform. In ...", "creation_timestamp": "2026-05-06T01:27:10.574168Z"}, {"uuid": "94e267d8-b7b2-462c-bb49-af0216814d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40072", "type": "seen", "source": "https://t.me/GithubRedTeam/87406", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-40072-ssrf-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a u1tr0nex\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-05 09:13:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nHands-on lab for CVE-2026-40072 \u2014 SSRF vulnerability in web3.py via CCIP Read (EIP-3668)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-05T10:06:26.000000Z"}]}