{"vulnerability": "cve-2026-42288", "sightings": [{"uuid": "d84cc6c1-6a99-493e-ad2f-ebdcea2b641a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mlph3pnr4j2c", "content": "Fresh CVE alert: CVE-2026-42288 Security Alert: CRITICAL Vulnerability\n\nCVE-2026-42288 CRITICAL alert. Immediate action\u2026\n\nhttps://cyberlensai.com/news/security-alert-cve-2026-42288\n\n#CyberSecurity #AppSec #VulnerabilityManagement", "creation_timestamp": "2026-05-13T04:17:52.329662Z"}, {"uuid": "6c2a34c6-7920-4d0d-8c38-bbbf56dec771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlp5qjkhja2g", "content": "ChurchCRM < 7.3.2 has a critical RCE (CVE-2026-42288) via setup wizard code injection. Unauthenticated attackers can fully compromise systems. Upgrade to 7.3.2+ now. https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #SecurityAlert", "creation_timestamp": "2026-05-13T01:30:33.485942Z"}, {"uuid": "6ea3313a-7bad-4823-b953-2492bd14f7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116564677807182613", "content": "\u26a0\ufe0f CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow", "creation_timestamp": "2026-05-13T01:30:36.192793Z"}, {"uuid": "cfd9fc8f-54c9-4979-b37b-01fba00e446a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42288", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5rxbida2n", "content": "CVE-2026-42288 - ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD\nCVE ID : CVE-2026-42288\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management...", "creation_timestamp": "2026-05-13T01:31:22.233467Z"}, {"uuid": "3840bc64-a2c3-416a-bc0b-2769860b134b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42288", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpdimrrqk2r", "content": "\ud83d\udd34 CVE-2026-42288 - Critical (10)\n\nChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42288/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:13:32.970227Z"}]}