Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 15 Jun 2026 17:48:07 +0000 ec3a706b-0d64-4703-aafe-2d118ef8d8ae https://vulnerability.circl.lu/sighting/ec3a706b-0d64-4703-aafe-2d118ef8d8ae/export {"uuid": "ec3a706b-0d64-4703-aafe-2d118ef8d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/116663533676457323", "content": "CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/writeSeverity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)CWE: CWE-59 (Improper Link Resolution Before File Access)\nA rogue SFTP server can return symlink targets (absolute paths or relative \"../../../\" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary \"cp\" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.\nhttps://www.openwall.com/lists/oss-security/2026/05/30/3\n#CVE_2026_47187", "creation_timestamp": "2026-05-30T12:30:53.342192Z"} {"uuid": "ec3a706b-0d64-4703-aafe-2d118ef8d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://infosec.exchange/users/harrysintonen/statuses/116663533676457323", "content": "CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/writeSeverity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)CWE: CWE-59 (Improper Link Resolution Before File Access)\nA rogue SFTP server can return symlink targets (absolute paths or relative \"../../../\" escapes) that sshfs passes to the kernel unchanged. The kernel resolves them on the client's local filesystem, so an ordinary \"cp\" through the mountpoint can read local files back to the server or write server-controlled bytes to local files. transform_symlinks does not cover relative targets.\nhttps://www.openwall.com/lists/oss-security/2026/05/30/3\n#CVE_2026_47187", "creation_timestamp": "2026-05-30T12:30:53.342192Z"} https://vulnerability.circl.lu/sighting/ec3a706b-0d64-4703-aafe-2d118ef8d8ae/export Sat, 30 May 2026 12:30:53 +0000 bfaaf389-63e5-4dfc-8c6c-335888707482 https://vulnerability.circl.lu/sighting/bfaaf389-63e5-4dfc-8c6c-335888707482/export {"uuid": "bfaaf389-63e5-4dfc-8c6c-335888707482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn34f42qcq2r", "content": "CVE-2026-47187, CVE-2026-48711: sshfs", "creation_timestamp": "2026-05-30T13:03:24.621529Z"} {"uuid": "bfaaf389-63e5-4dfc-8c6c-335888707482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn34f42qcq2r", "content": "CVE-2026-47187, CVE-2026-48711: sshfs", "creation_timestamp": "2026-05-30T13:03:24.621529Z"} https://vulnerability.circl.lu/sighting/bfaaf389-63e5-4dfc-8c6c-335888707482/export Sat, 30 May 2026 13:03:24 +0000 49babe28-0d2f-41c2-82c6-44e8ef6b3054 https://vulnerability.circl.lu/sighting/49babe28-0d2f-41c2-82c6-44e8ef6b3054/export {"uuid": "49babe28-0d2f-41c2-82c6-44e8ef6b3054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/evirus.bsky.social/post/3mo734wrr2c2x", "content": "I updated sshfs to 3.7.6-bp160.1.1 on Leap 16 and all my symlinks that traversed folders on remote machines broke. Looks like this is a deliberate change to fix CVE-2026-47187 symlink escape shenanigans. Adding follow_symlinks after -o restores the old behavior.", "creation_timestamp": "2026-06-13T20:17:04.767870Z"} {"uuid": "49babe28-0d2f-41c2-82c6-44e8ef6b3054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47187", "type": "seen", "source": "https://bsky.app/profile/evirus.bsky.social/post/3mo734wrr2c2x", "content": "I updated sshfs to 3.7.6-bp160.1.1 on Leap 16 and all my symlinks that traversed folders on remote machines broke. Looks like this is a deliberate change to fix CVE-2026-47187 symlink escape shenanigans. Adding follow_symlinks after -o restores the old behavior.", "creation_timestamp": "2026-06-13T20:17:04.767870Z"} https://vulnerability.circl.lu/sighting/49babe28-0d2f-41c2-82c6-44e8ef6b3054/export Sat, 13 Jun 2026 20:17:04 +0000