{"uuid": "16e19ae6-287e-4823-8aef-92916b491e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11526", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mog3r7wvp42j", "content": "Perl's GD module patched CVE-2026-11526 in 2.86: passing a filename that begins or ends with a pipe to an image constructor could execute a shell command, thanks to 2-arg open(). The fix uses 3-arg open. When did you last audit your open() calls?\n#Perl", "creation_timestamp": "2026-06-16T15:16:46.264527Z"}