{"vulnerability": "cve-2026-49987", "sightings": [{"uuid": "539f7c93-54cd-40b9-a683-aabdfed64ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49987", "type": "published-proof-of-concept", "source": "https://github.com/yamadashy/repomix/security/advisories/GHSA-9mm9-rqhj-j5mx", "content": "", "creation_timestamp": "2026-07-01T20:35:09.517613Z"}, {"uuid": "b2d48230-66f0-4706-a478-fba59ca8f03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49987", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpmqxdh3a22", "content": "CVE-2026-49987 - Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection\nCVE ID : CVE-2026-49987\n \n Published : July 15, 2026, 7:17 p.m. | 17\u00a0minutes ago\n \n Description : Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/c...", "creation_timestamp": "2026-07-15T21:05:14.149196Z"}]}