{"vulnerability": "cve-2026-42155", "sightings": [{"uuid": "4e26047e-6274-439c-9e58-fea742cfff27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42155", "type": "published-proof-of-concept", "source": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-2cwr-gcf9-pvxr", "content": "", "creation_timestamp": "2026-05-04T20:56:34.000000Z"}, {"uuid": "c3bcbda2-fd83-4acf-962d-b65659a05f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42155", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlwu63uqud2d", "content": "OpenMage magento-lts (<20.18.0) hit by CRITICAL vuln: weak time-based session IDs allow brute-force API session hijack. Upgrade to 20.18.0+ immediately! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-42155-cwe-330-use-of-insufficiently-rando-1baedc02 #OffSeq #Magento #SecurityAlert", "creation_timestamp": "2026-05-16T03:00:30.478887Z"}]}