{"vulnerability": "cve-2026-42574", "sightings": [{"uuid": "e83d3641-34ab-4c2a-823b-8938f4779a15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42574", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5df7z5j2z", "content": "\ud83d\udfe0 CVE-2026-42574 - High (7.5)\n\napko allows users to build and publish OCI container images built from apk packages. From version...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42574/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T21:01:55.172646Z"}, {"uuid": "0022cd84-f975-4154-9c8d-afd46d42198e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42574", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh7bzrtb22k", "content": "CVE-2026-42574 - apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root\nCVE ID : CVE-2026-42574\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : apko allows users to build and publish OCI container im...", "creation_timestamp": "2026-05-09T21:36:56.422813Z"}, {"uuid": "77cfb4ef-f6db-4282-80c5-e1eebdcbba85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhwfje37k2y", "content": "\u26a0\ufe0f HIGH severity: Path traversal in chainguard-dev apko (0.14.8 \u2013 1.2.4) lets attackers write outside build root with crafted .apk files. Upgrade to 1.2.5+ and avoid untrusted .apk packages. Details: https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffS...", "creation_timestamp": "2026-05-10T04:30:29.769038Z"}, {"uuid": "49cdf2c7-d70c-401d-aa3d-213d432c587d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116548398424487044", "content": "\ud83d\udea8 HIGH severity in chainguard-dev apko (v0.14.8 \u2013 1.2.4): Path traversal via crafted .apk symlinks (CVE-2026-42574) risks file writes outside the build root. Patch in v1.2.5. Upgrade ASAP & avoid untrusted .apk! https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffSeq #cybersecurity #linux #containers", "creation_timestamp": "2026-05-10T04:30:40.356356Z"}]}