{"vulnerability": "cve-2026-4286", "sightings": [{"uuid": "0a1ea47a-8b9e-4176-8b8d-a57c7819c12e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42860", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllv5mcnjo2w", "content": "\ud83d\udfe0 CVE-2026-42860 - High (8.5)\n\nThe Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42860/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T18:18:52.252860Z"}, {"uuid": "8e2e8d76-0ede-42f2-af34-4cb54b31a2b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z", "content": "\ud83d\udd34 CVE-2026-42864 - Critical (9.9)\n\nFireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42864/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T20:02:15.981894Z"}, {"uuid": "34024794-f1d4-40f8-b597-33ad46695795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42869", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlma6j4rum2i", "content": "CVE-2026-42869 - SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools\nCVE ID : CVE-2026-42869\n \n Published : May 11, 2026, 8:25 p.m. | 24\u00a0minutes ago\n \n Description : SOCFortress CoPilot focus...", "creation_timestamp": "2026-05-11T21:36:10.547487Z"}, {"uuid": "9a1fd115-312f-408f-92c0-a4023d1d20fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42869", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mln4pgq3b42q", "content": "\ud83d\udd34 CVE-2026-42869 - Critical (10)\n\nSOCFortress CoPilot focuses on providing a single pane of glass for all your security operations ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42869/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-12T06:06:43.751041Z"}, {"uuid": "6692ff6d-b1fe-45da-aae1-789c72d29258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42864", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlnbfdxvzr26", "content": "\ud83d\udea8 ManoManoTech firefighter-incident (<0.0.54) hit by CRITICAL vuln (CVE-2026-42864). Unauth access can lead to AWS creds theft! Update to 0.0.54+ & enforce IMDSv2 ASAP. https://radar.offseq.com/threat/cve-2026-42864-cwe-306-missing-authentication-for--60c5ba57 #OffSeq #CVE202642864 #CloudSecurity", "creation_timestamp": "2026-05-12T07:30:34.548795Z"}, {"uuid": "e2dc75bc-ebee-4e85-a0ab-8b423342a377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42864", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116560431114423075", "content": "\ud83d\udd25 CVE-2026-42864: CRITICAL vuln in ManoManoTech firefighter-incident (<0.0.54). Missing auth lets attackers fetch arbitrary URLs & exfil AWS creds if IMDSv2 not enforced. Update to 0.0.54+ & check your cloud configs! https://radar.offseq.com/threat/cve-2026-42864-cwe-306-missing-authentication-for--60c5ba57 #OffSeq #CVE202642864 #CloudSecurity", "creation_timestamp": "2026-05-12T07:30:50.570874Z"}, {"uuid": "3d7fb556-bb7b-4427-b667-386a1ebea155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z", "content": "\ud83d\udd34 CVE-2026-42864 - Critical (9.9)\n\nFireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42864/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T20:02:15.983162Z"}, {"uuid": "845e0ef7-6897-4753-9149-dc6372d12fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlm4sffwvv2p", "content": "CVE-2026-42864 - FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft\nCVE ID : CVE-2026-42864\n \n Published : May 11, 2026, 7:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : FireFighter is an incident management application. Prior to 0.0.54, ...", "creation_timestamp": "2026-05-11T20:35:42.864709Z"}, {"uuid": "bf130881-232c-4947-bc65-7c00a829879e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42862", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5v6-pj28-cwwm", "content": "", "creation_timestamp": "2026-05-14T14:12:20.000000Z"}, {"uuid": "cc9b1f04-26ef-4bc7-b1e4-6f59a9783f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42863", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5wxp-qjgq-fx6m", "content": "", "creation_timestamp": "2026-05-14T14:12:08.000000Z"}, {"uuid": "c6323c21-feb9-4f32-ad02-c71f33a1fbf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42861", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6fw7-3q8r-m5vj", "content": "", "creation_timestamp": "2026-05-14T14:12:50.000000Z"}, {"uuid": "bded1452-9aa3-4b96-b4ad-2f0fdeafbac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42860", "type": "published-proof-of-concept", "source": "https://github.com/openedx/edx-enterprise/security/advisories/GHSA-64cv-vxpr-j6vc", "content": "", "creation_timestamp": "2026-04-24T14:21:24.000000Z"}]}