{"vulnerability": "cve-2026-42849", "sightings": [{"uuid": "fbe5dfab-547f-4158-9500-c9a2952e22e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42849", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndp5kqcsp2u", "content": "\ud83d\udd34 CVE-2026-42849 - Critical (9.3)\n\nauthentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42849/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-02T23:00:31.395313Z"}, {"uuid": "c6ea1112-09cd-43fe-a432-0d98ec96256f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndqhq2vdf2r", "content": "CVE-2026-42849 - authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover\nCVE ID : CVE-2026-42849\n \n Published : June 2, 2026, 9:16 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. Prior to versions 2025.12.5 and ...", "creation_timestamp": "2026-06-02T23:24:07.162825Z"}]}