{"vulnerability": "ghsa-3fmp-59v6-4qw2", "sightings": [{"uuid": "3ca3852a-ef6c-45a5-8a76-9c194c8523d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "ghsa-3fmp-59v6-4qw2", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116870089136632895", "content": "CVE-2026-59509 (CRITICAL): cve-search POST /fetch_cve_data allows unauth'd access to arbitrary MongoDB collections, exposing admin creds for offline cracking. Restrict endpoint, monitor activity, check vendor updates. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #infosec #CVE202659509", "creation_timestamp": "2026-07-06T00:00:38.688616Z"}, {"uuid": "8ee29787-a9f3-456f-9196-23e472a724db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "ghsa-3fmp-59v6-4qw2", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpwrvj6vez2g", "content": "CRITICAL: cve-search POST /fetch_cve_data vuln enables unauth'd access to MongoDB data \u2014 including admin creds. Restrict endpoint, monitor logs, check for patches. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #CVE202659509", "creation_timestamp": "2026-07-06T00:00:40.345494Z"}]}