{"vulnerability": "cve-2026-42606", "sightings": [{"uuid": "adb5541c-10d1-45c2-b5aa-de1ec0ad9e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42606", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5aco5sj2e", "content": "\ud83d\udfe0 CVE-2026-42606 - High (8.1)\n\nAzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the A...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42606/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T21:00:11.372484Z"}, {"uuid": "1228d306-43c2-4302-b17b-e1383fa74eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42606", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh6ncn2hw2o", "content": "CVE-2026-42606 - AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass\nCVE ID : CVE-2026-42606\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : AzuraCast is a self-hosted, all-in-one web radio ...", "creation_timestamp": "2026-05-09T21:25:20.868022Z"}, {"uuid": "3c748777-00b1-4d79-8ac7-8acd8b140704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42606", "type": "published-proof-of-concept", "source": "https://github.com/AzuraCast/AzuraCast/security/advisories/GHSA-gv7r-3mr9-h5x8", "content": "", "creation_timestamp": "2026-04-23T19:37:18.000000Z"}]}