{"vulnerability": "cve-2026-50203", "sightings": [{"uuid": "2342ac09-fc0e-4db8-b06b-cca6cd83bcff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50203", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mofvnbvfs42g", "content": "CVE-2026-50203: Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names", "creation_timestamp": "2026-06-16T13:27:11.797349Z"}, {"uuid": "44ceaa73-347b-4908-a6c9-52c1d9632aa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50203", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mohoxaa3322z", "content": "CVE-2026-50203 - Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names\nCVE ID : CVE-2026-50203\n \n Published : June 17, 2026, 1:47 a.m. | 3\u00a0hours,...", "creation_timestamp": "2026-06-17T06:32:49.031968Z"}, {"uuid": "3a588be4-d658-4450-9130-9be024355d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50203", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mokysk377r2z", "content": "\ud83d\udccc CVE-2026-50203 - A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP serve... https://www.cyberhub.blog/cves/CVE-2026-50203", "creation_timestamp": "2026-06-18T14:07:08.079143Z"}]}