{"vulnerability": "cve-2026-49268", "sightings": [{"uuid": "c481ba80-a904-4551-93ce-637d82942d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49268", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moimkre7522k", "content": "CVE-2026-49268: Apache Shiro: LDAP DN Injection in DefaultLdapRealm", "creation_timestamp": "2026-06-17T15:22:42.772488Z"}, {"uuid": "86ce5027-bff0-414b-8fdb-98b3e6938875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49268", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3molcr4tjop2y", "content": "Apache Shiro patched CVE-2026-49268: DefaultLdapRealm did not escape RFC 2253 special characters in usernames, allowing LDAP DN injection. Fixed in 2.2.1 and 3.0.0-alpha-2. Input that flows into a directory query needs escaping every time. When did you last audit your Shiro realm config?\n\n#security", "creation_timestamp": "2026-06-18T17:05:17.919201Z"}]}