{"vulnerability": "cve-2026-42448", "sightings": [{"uuid": "2394108d-d41c-42fb-9bd3-6c7aea6a6d27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42448", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3ml6o3gh4nc2b", "content": "magic-wormhole: 0.23.0 -> 0.24.0 (fixes CVE-2026-42448)\n\nhttps://github.com/NixOS/nixpkgs/pull/517222\n\n#security", "creation_timestamp": "2026-05-06T12:07:43.162125Z"}, {"uuid": "684c7a00-994f-49fe-a93e-4f9494f414d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmrp6zqwxp2n", "content": "CVE-2026-42448 - wormhole receive, with --output pointing at an existing directory can be path-traversed\nCVE ID : CVE-2026-42448\n \n Published : 26 mai 2026 17:57 | 4\u00a0minutes ago\n \n Description : Magic Wormhole makes it possible to get arbitrary-sized files and directories from...", "creation_timestamp": "2026-05-26T19:13:24.553421Z"}]}