{"vulnerability": "cve-2026-56394", "sightings": [{"uuid": "788beff4-f3e2-4600-9491-6117dae9a6b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56394", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116791170039431358", "content": "CVE-2026-56394: HIGH severity path traversal in Craft CMS 4.0.0-RC1 & 5.0.0-RC1. Authenticated attackers can read local files via assets/icon endpoint. Restrict access & monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-56394-improper-limitation-of-a-pathname-t-139f3a46ea00069e #OffSeq #CraftCMS #Vuln #PathTraversal", "creation_timestamp": "2026-06-22T01:30:29.519228Z"}, {"uuid": "b3d1357b-0626-4d09-8811-cf0be2857c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56394", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3motqfb5ttb2g", "content": "CVE-2026-56394: HIGH severity path traversal in Craft CMS 4.0.0-RC1 & 5.0.0-RC1. Authenticated attackers can read local files. Restrict access & monitor until a fix is released. https://radar.offseq.com/threat/cve-2026-56394-improper-limitation-of-a-pathname-t-139f3a46ea00069e #OffSeq #CraftCMS #...", "creation_timestamp": "2026-06-22T01:30:30.751319Z"}]}