{"vulnerability": "cve-2026-42864", "sightings": [{"uuid": "8e2e8d76-0ede-42f2-af34-4cb54b31a2b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z", "content": "\ud83d\udd34 CVE-2026-42864 - Critical (9.9)\n\nFireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42864/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T20:02:15.981894Z"}, {"uuid": "3d7fb556-bb7b-4427-b667-386a1ebea155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z", "content": "\ud83d\udd34 CVE-2026-42864 - Critical (9.9)\n\nFireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42864/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T20:02:15.983162Z"}, {"uuid": "845e0ef7-6897-4753-9149-dc6372d12fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42864", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlm4sffwvv2p", "content": "CVE-2026-42864 - FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft\nCVE ID : CVE-2026-42864\n \n Published : May 11, 2026, 7:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : FireFighter is an incident management application. Prior to 0.0.54, ...", "creation_timestamp": "2026-05-11T20:35:42.864709Z"}, {"uuid": "6692ff6d-b1fe-45da-aae1-789c72d29258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42864", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlnbfdxvzr26", "content": "\ud83d\udea8 ManoManoTech firefighter-incident (<0.0.54) hit by CRITICAL vuln (CVE-2026-42864). Unauth access can lead to AWS creds theft! Update to 0.0.54+ & enforce IMDSv2 ASAP. https://radar.offseq.com/threat/cve-2026-42864-cwe-306-missing-authentication-for--60c5ba57 #OffSeq #CVE202642864 #CloudSecurity", "creation_timestamp": "2026-05-12T07:30:34.548795Z"}, {"uuid": "e2dc75bc-ebee-4e85-a0ab-8b423342a377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42864", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116560431114423075", "content": "\ud83d\udd25 CVE-2026-42864: CRITICAL vuln in ManoManoTech firefighter-incident (<0.0.54). Missing auth lets attackers fetch arbitrary URLs & exfil AWS creds if IMDSv2 not enforced. Update to 0.0.54+ & check your cloud configs! https://radar.offseq.com/threat/cve-2026-42864-cwe-306-missing-authentication-for--60c5ba57 #OffSeq #CVE202642864 #CloudSecurity", "creation_timestamp": "2026-05-12T07:30:50.570874Z"}]}