{"vulnerability": "cve-2026-53662", "sightings": [{"uuid": "e1417af8-e243-46f4-853c-3ddd8b377be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53662", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116802848530420895", "content": "immich-app suffers CRITICAL reflected XSS (CVE-2026-53662) in /auth/login (commits 4ffa26c9 \u2013 4eb1003). Exploitation = persistent account takeover via API key minting. Update to commit 4eb1003 or later. https://radar.offseq.com/threat/cve-2026-53662-cwe-79-improper-neutralization-of-i-088d09407e2bf58b #OffSeq #CVE202653662 #XSS #infosec", "creation_timestamp": "2026-06-24T03:00:29.307456Z"}]}