{"vulnerability": "cve-2026-41202", "sightings": [{"uuid": "e0d986a2-2816-447d-97ea-1aa950e316e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41202", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlakynbolz2e", "content": "CVE-2026-41202 - ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE\nCVE ID : CVE-2026-41202\n \n Published : May 7, 2026, 3:18 a.m. | 1\u00a0hour, 6\u00a0minutes ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architec...", "creation_timestamp": "2026-05-07T06:17:48.384685Z"}, {"uuid": "3ddf115b-c378-4c33-b62e-72a8906820d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41202", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116532473442667986", "content": "\ud83d\udd0e CVE-2026-41202: CRITICAL path traversal in ci4ms (<0.31.5.0) lets authenticated users upload ZIPs for remote code execution. Patch to 0.31.5.0 now! Details: https://radar.offseq.com/threat/cve-2026-41202-cwe-22-improper-limitation-of-a-pat-c7627c61 #OffSeq #infosec #CVE202641202 #vuln", "creation_timestamp": "2026-05-07T09:00:32.230146Z"}, {"uuid": "54249b5d-40c8-48ac-aa14-889f9640ec6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41202", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlau3oebzt2y", "content": "ci4ms (<0.31.5.0) faces CRITICAL path traversal (CVE-2026-41202). Authenticated users can trigger RCE via malicious ZIP restore. Upgrade to 0.31.5.0 ASAP! https://radar.offseq.com/threat/cve-2026-41202-cwe-22-improper-limitation-of-a-pat-c7627c61 #OffSeq #infosec #CVE202641202", "creation_timestamp": "2026-05-07T09:00:34.178931Z"}]}