{"vulnerability": "cve-2026-4281", "sightings": [{"uuid": "0a8bd2e2-9e9d-4fea-9e01-474acd93d80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4281", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhwz4gyfxf2g", "content": "", "creation_timestamp": "2026-03-26T06:48:16.314873Z"}, {"uuid": "b18173a9-c491-4ce4-b11f-57b0b1fd91d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4281", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4281", "content": "", "creation_timestamp": "2026-03-26T04:16:40.000000Z"}, {"uuid": "0d0afca3-7503-407e-b549-6223ad980591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42810", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2avc356h2k", "content": "\ud83d\udd34 CVE-2026-42810 - Critical (9.9)\n\nApache Polaris accepts literal `*` characters in namespace and table names. When it\nlater builds ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42810/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T18:01:00.287213Z"}, {"uuid": "aa648ebe-1c29-494d-ab1e-f1e9a0785487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42811", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2awtnhos2e", "content": "\ud83d\udd34 CVE-2026-42811 - Critical (9.9)\n\nIn plain terms, Apache Polaris is supposed to issue short-lived GCS credentials\nthat\nonly work fo...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42811/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T18:01:52.576959Z"}, {"uuid": "ad967b87-2858-4009-8d9c-cbcf27cb9d03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42812", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2ax33zfg2n", "content": "\ud83d\udd34 CVE-2026-42812 - Critical (9.9)\n\nIn Apache Iceberg, the table's metadata files are control files: they tell readers\nwhich data fil...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42812/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T18:02:00.169434Z"}, {"uuid": "661c07fb-fd9e-43a0-be73-01f2950ab222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42812", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2f4db6kr2i", "content": "CVE-2026-42812 - Apache Polaris: No protection on `write.metadata.path`\nCVE ID : CVE-2026-42812\n \n Published : May 4, 2026, 5:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : In Apache Iceberg, the table's metadata files are control files: they tell readers\nwhich data files be...", "creation_timestamp": "2026-05-04T19:16:30.895202Z"}, {"uuid": "4d2ba79b-3e86-461c-99b2-4b1726f00a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2ffbqa2m2r", "content": "CVE-2026-42810 - Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names\nCVE ID : CVE-2026-42810\n \n Published : May 4, 2026, 5:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Apache Polaris accepts literal `*` characters in namesp...", "creation_timestamp": "2026-05-04T19:21:31.044107Z"}, {"uuid": "7785bb17-33e2-47cb-8026-64bd315a55e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2foaah4a2q", "content": "CVE-2026-42811 - Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions\nCVE ID : CVE-2026-42811\n \n Published : May 4, 2026, 5:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : In plain terms, Apache Polaris is...", "creation_timestamp": "2026-05-04T19:26:31.598153Z"}, {"uuid": "0f3ca759-d865-4eef-b2e8-73534242f7a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42811", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlnza4nzej2o", "content": "\ud83d\udccc CVE-2026-42811 - In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials\nthat\nonly work for one table's files, but a crafted namespace or table... https://www.cyberhub.blog/cves/CVE-2026-42811", "creation_timestamp": "2026-05-12T14:37:08.029596Z"}]}