{"vulnerability": "cve-2026-5439", "sightings": [{"uuid": "62d446e2-7f19-4400-ae80-cbee1a647cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5439", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj3b2jklkn25", "content": "", "creation_timestamp": "2026-04-09T16:46:11.832035Z"}, {"uuid": "8910304f-8a86-4d50-ad1b-696df687e9e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5439", "type": "published-proof-of-concept", "source": "Telegram/_P20Htht508gPcGtfhYsw3BkHMYZAVXCzBRlMvbh3o3mGtY", "content": "", "creation_timestamp": "2026-04-14T20:03:14.000000Z"}, {"uuid": "d2deab50-93e3-400f-be3c-18396ac58b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54398", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo56n2nt6m2j", "content": "CVE-2026-54398 - MISP object edit authorization bypass allows unauthorized sharing group assignment\nCVE ID : CVE-2026-54398\n \n Published : June 12, 2026, 10:16 p.m. | 3\u00a0hours, 7\u00a0minutes ago\n \n Description : An authorization flaw in MISP\u2019s object add/edit handling allowed an au...", "creation_timestamp": "2026-06-13T02:14:17.167882Z"}, {"uuid": "29a61683-cd36-4ea8-9c07-e180fb539fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3molhj2cqpl2v", "content": "CVE-2026-54390: CRITICAL template injection in JTL Shop 5.2.0 \u2013 5.7.1 lets attackers access secrets &amp; achieve RCE. No patch \u2014 restrict access &amp; monitor for abuse. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #websecurity", "creation_timestamp": "2026-06-18T18:30:15.890123Z"}, {"uuid": "3beb0c21-6e0e-4f1d-94fe-0a72cdd71645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116772530635095713", "content": "CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 \u2013 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet \u2014 restrict access &amp; monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity", "creation_timestamp": "2026-06-18T18:30:17.105039Z"}, {"uuid": "81de25ff-d0d3-49fc-ad55-e6f7401ff04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3molrr3wyz52f", "content": "CVE-2026-54390 - JTL Shop\nCVE ID : CVE-2026-54390\n \n Published : June 18, 2026, 5:33 p.m. | 3\u00a0hours, 35\u00a0minutes ago\n \n Description : JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject ma...", "creation_timestamp": "2026-06-18T21:33:43.085836Z"}, {"uuid": "e55413bd-c550-432b-8c13-92a0211393f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnkhesiv2m", "content": "\ud83d\udea8  ALERT: CVE-2026-54390\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nJTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. At", "creation_timestamp": "2026-06-22T00:39:42.945026Z"}, {"uuid": "95455b5a-5a7b-4c20-8f2e-2eeee2b0a071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mplydnj46p2w", "content": "CVE-2026-54399: Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration", "creation_timestamp": "2026-07-01T16:56:39.629479Z"}, {"uuid": "ae254792-02cf-4c3d-98ff-3dcfaf87120e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn7qpaahw2r", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435 \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/60F73004-A079-4C01-8E9D-76E33144C704", "creation_timestamp": "2026-07-02T04:41:53.390015Z"}, {"uuid": "c456ca4a-3e5e-4ae8-9016-ba24460bf2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnk37xitn2q", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435\n\n\n\nhttps://kripta.biz/posts/E6DCD7CA-ABB3-41A2-873F-E362DE2F35F0", "creation_timestamp": "2026-07-02T07:46:44.035221Z"}, {"uuid": "b2297756-df3b-49fe-8507-bffaca9eacf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpogcpwcqq2e", "content": "Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.\n\n#Apache #HttpComponents #DoS #CVE202654399 #CyberSecurity", "creation_timestamp": "2026-07-02T16:12:01.271217Z"}]}