{"vulnerability": "cve-2026-49448", "sightings": [{"uuid": "f1aa93b7-dcbb-4533-9f16-cc2529dea8b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndlst2fsr22", "content": "\ud83d\udd34 CVE-2026-49448 - Critical (9.8)\n\nauthentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5....\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49448/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-02T22:00:55.385911Z"}, {"uuid": "7909b522-2441-4e79-80f7-62acd5a63512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mndpfsttse2i", "content": "CVE-2026-49448 - Critical authentication bypass in Authentik. Sending an empty POST bypasses the Source stage. CVSS 9.8. Update to 2025.12.6, 2026.2.4, or 2026.5.1 immediately. #CVE #Authentik #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-49448/", "creation_timestamp": "2026-06-02T23:05:07.824942Z"}, {"uuid": "f275ddf1-f851-4846-aca3-4357ddcf31d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndrhe3k6f2d", "content": "CVE-2026-49448 - authentik: SourceStage bypass via empty POST\nCVE ID : CVE-2026-49448\n \n Published : June 2, 2026, 9:16 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source...", "creation_timestamp": "2026-06-02T23:41:46.580822Z"}]}