{"vulnerability": "cve-2026-40582", "sightings": [{"uuid": "0b551a89-df10-41c6-b24b-73334e06500e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40582", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116424889479401658", "content": "", "creation_timestamp": "2026-04-18T09:00:31.945635Z"}, {"uuid": "adf56ce1-a96a-4251-8aed-9ad9456981cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40582", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mjr3a5icyy23", "content": "", "creation_timestamp": "2026-04-18T09:00:32.926357Z"}, {"uuid": "14be0156-b92e-41be-8fbe-f9ef8011e380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7gkadlq2v", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : ChurchCRM is an open-source churc...", "creation_timestamp": "2026-05-13T02:00:46.164806Z"}, {"uuid": "03cf4721-85ab-4701-bb3b-9447b14bcc4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjqeqddwii2k", "content": "", "creation_timestamp": "2026-04-18T02:17:59.254762Z"}, {"uuid": "457fbb42-8361-49ad-b8ad-9ce6dbd845e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40582", "type": "published-proof-of-concept", "source": "Telegram/41gIjnqleUG-c7q5H5vmUlb-p3i15u65_SeajvrPdO-zEo4", "content": "", "creation_timestamp": "2026-04-18T01:18:44.000000Z"}, {"uuid": "104e6078-3a40-42ab-9325-2538d8974eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7yh4nla2i", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church...", "creation_timestamp": "2026-05-13T02:10:46.737941Z"}]}