<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-18T22:53:14.432844+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/67d24b1a-6ce4-4822-a695-a7c1e84b091e/export</id>
    <title>67d24b1a-6ce4-4822-a695-a7c1e84b091e</title>
    <updated>2026-07-18T22:53:14.446447+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "67d24b1a-6ce4-4822-a695-a7c1e84b091e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4", "content": "", "creation_timestamp": "2026-07-10T02:35:03.650983Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/67d24b1a-6ce4-4822-a695-a7c1e84b091e/export"/>
    <published>2026-07-10T02:35:03.650983+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/459e27ca-dd5a-4ef3-8dff-213b8315808e/export</id>
    <title>459e27ca-dd5a-4ef3-8dff-213b8315808e</title>
    <updated>2026-07-18T22:53:14.449291+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "459e27ca-dd5a-4ef3-8dff-213b8315808e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://gist.github.com/alon710/5cf8fa01fdabad32641db4fb6525028d", "content": "# CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla\n\n&amp;gt; **CVSS Score:** 2.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48598\n\n## Summary\nAn Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.\n\n## TL;DR\nUnescaped carriage returns, line feeds, and double-quotes in elixir-tesla's multipart module allow multipart header injection and request smuggling.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-116\n- **Attack Vector**: Local\n- **CVSS v4.0 Score**: 2.1 (Low)\n- **EPSS Score**: 0.00143\n- **Impact**: Low Subsequent System Integrity\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- elixir-tesla\n- **tesla**: &amp;gt;= 0.8.0, &amp;lt; 1.18.3 (Fixed in: `1.18.3`)\n\n## Mitigation\n\n- Upgrade the elixir-tesla dependency to version 1.18.3 or newer\n- Filter user-controlled input values to remove carriage returns, line feeds, and double-quote characters before parsing\n- Wrap dynamic multipart compilation steps in exception-handling blocks to prevent application crashes\n\n**Remediation Steps:**\n1. Open your mix.exs configuration file\n2. Locate the {:tesla, \"...\"} dependency line and update the version requirement to &amp;gt;= 1.18.3\n3. Execute mix deps.get to fetch the patched version of the package\n4. Run your test suite to verify no uncaught ArgumentError exceptions occur during multipart serialization\n\n## References\n\n- [CVE-2026-48598 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48598)\n- [GHSA-28jh-g32x-v9v4 Advisory on GitHub](https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4)\n- [Erlang Ecosystem Foundation CNA Advisory](https://cna.erlef.org/cves/CVE-2026-48598.html)\n- [OSV Registry Record for CVE-2026-48598](https://osv.dev/vulnerability/EEF-CVE-2026-48598)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48598) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T00:42:13.295577Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/459e27ca-dd5a-4ef3-8dff-213b8315808e/export"/>
    <published>2026-07-10T00:42:13.295577+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/512d7528-5f4a-4d4b-ade0-a049cd075aee/export</id>
    <title>512d7528-5f4a-4d4b-ade0-a049cd075aee</title>
    <updated>2026-07-18T22:53:14.450416+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "512d7528-5f4a-4d4b-ade0-a049cd075aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "Telegram/zS0m-Smw9tMC2xQZhVRiFtrXmVStzlksgIyfU5bMHDdEXnY", "content": "", "creation_timestamp": "2026-06-09T15:00:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/512d7528-5f4a-4d4b-ade0-a049cd075aee/export"/>
    <published>2026-06-09T15:00:06+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/48dd0006-b33f-4155-88c7-f2d6109e337b/export</id>
    <title>48dd0006-b33f-4155-88c7-f2d6109e337b</title>
    <updated>2026-07-18T22:53:14.450557+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "48dd0006-b33f-4155-88c7-f2d6109e337b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndhzwkych27", "content": "CVE-2026-48598 - CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection\nCVE ID : CVE-2026-48598\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Improper Encoding or Escaping of Output vulnerability in el...", "creation_timestamp": "2026-06-02T20:53:12.402046Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/48dd0006-b33f-4155-88c7-f2d6109e337b/export"/>
    <published>2026-06-02T20:53:12.402046+00:00</published>
  </entry>
</feed>
