<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 14 Jul 2026 20:46:03 +0000</lastBuildDate>
    <item>
      <title>67d24b1a-6ce4-4822-a695-a7c1e84b091e</title>
      <link>https://vulnerability.circl.lu/sighting/67d24b1a-6ce4-4822-a695-a7c1e84b091e/export</link>
      <description>{"uuid": "67d24b1a-6ce4-4822-a695-a7c1e84b091e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4", "content": "", "creation_timestamp": "2026-07-10T02:35:03.650983Z"}</description>
      <content:encoded>{"uuid": "67d24b1a-6ce4-4822-a695-a7c1e84b091e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4", "content": "", "creation_timestamp": "2026-07-10T02:35:03.650983Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/67d24b1a-6ce4-4822-a695-a7c1e84b091e/export</guid>
      <pubDate>Fri, 10 Jul 2026 02:35:03 +0000</pubDate>
    </item>
    <item>
      <title>459e27ca-dd5a-4ef3-8dff-213b8315808e</title>
      <link>https://vulnerability.circl.lu/sighting/459e27ca-dd5a-4ef3-8dff-213b8315808e/export</link>
      <description>{"uuid": "459e27ca-dd5a-4ef3-8dff-213b8315808e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://gist.github.com/alon710/5cf8fa01fdabad32641db4fb6525028d", "content": "# CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla\n\n&amp;gt; **CVSS Score:** 2.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48598\n\n## Summary\nAn Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.\n\n## TL;DR\nUnescaped carriage returns, line feeds, and double-quotes in elixir-tesla's multipart module allow multipart header injection and request smuggling.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-116\n- **Attack Vector**: Local\n- **CVSS v4.0 Score**: 2.1 (Low)\n- **EPSS Score**: 0.00143\n- **Impact**: Low Subsequent System Integrity\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- elixir-tesla\n- **tesla**: &amp;gt;= 0.8.0, &amp;lt; 1.18.3 (Fixed in: `1.18.3`)\n\n## Mitigation\n\n- Upgrade the elixir-tesla dependency to version 1.18.3 or newer\n- Filter user-controlled input values to remove carriage returns, line feeds, and double-quote characters before parsing\n- Wrap dynamic multipart compilation steps in exception-handling blocks to prevent application crashes\n\n**Remediation Steps:**\n1. Open your mix.exs configuration file\n2. Locate the {:tesla, \"...\"} dependency line and update the version requirement to &amp;gt;= 1.18.3\n3. Execute mix deps.get to fetch the patched version of the package\n4. Run your test suite to verify no uncaught ArgumentError exceptions occur during multipart serialization\n\n## References\n\n- [CVE-2026-48598 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48598)\n- [GHSA-28jh-g32x-v9v4 Advisory on GitHub](https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4)\n- [Erlang Ecosystem Foundation CNA Advisory](https://cna.erlef.org/cves/CVE-2026-48598.html)\n- [OSV Registry Record for CVE-2026-48598](https://osv.dev/vulnerability/EEF-CVE-2026-48598)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48598) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T00:42:13.295577Z"}</description>
      <content:encoded>{"uuid": "459e27ca-dd5a-4ef3-8dff-213b8315808e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://gist.github.com/alon710/5cf8fa01fdabad32641db4fb6525028d", "content": "# CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla\n\n&amp;gt; **CVSS Score:** 2.1\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48598\n\n## Summary\nAn Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.\n\n## TL;DR\nUnescaped carriage returns, line feeds, and double-quotes in elixir-tesla's multipart module allow multipart header injection and request smuggling.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-116\n- **Attack Vector**: Local\n- **CVSS v4.0 Score**: 2.1 (Low)\n- **EPSS Score**: 0.00143\n- **Impact**: Low Subsequent System Integrity\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- elixir-tesla\n- **tesla**: &amp;gt;= 0.8.0, &amp;lt; 1.18.3 (Fixed in: `1.18.3`)\n\n## Mitigation\n\n- Upgrade the elixir-tesla dependency to version 1.18.3 or newer\n- Filter user-controlled input values to remove carriage returns, line feeds, and double-quote characters before parsing\n- Wrap dynamic multipart compilation steps in exception-handling blocks to prevent application crashes\n\n**Remediation Steps:**\n1. Open your mix.exs configuration file\n2. Locate the {:tesla, \"...\"} dependency line and update the version requirement to &amp;gt;= 1.18.3\n3. Execute mix deps.get to fetch the patched version of the package\n4. Run your test suite to verify no uncaught ArgumentError exceptions occur during multipart serialization\n\n## References\n\n- [CVE-2026-48598 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48598)\n- [GHSA-28jh-g32x-v9v4 Advisory on GitHub](https://github.com/elixir-tesla/tesla/security/advisories/GHSA-28jh-g32x-v9v4)\n- [Erlang Ecosystem Foundation CNA Advisory](https://cna.erlef.org/cves/CVE-2026-48598.html)\n- [OSV Registry Record for CVE-2026-48598](https://osv.dev/vulnerability/EEF-CVE-2026-48598)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48598) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T00:42:13.295577Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/459e27ca-dd5a-4ef3-8dff-213b8315808e/export</guid>
      <pubDate>Fri, 10 Jul 2026 00:42:13 +0000</pubDate>
    </item>
    <item>
      <title>512d7528-5f4a-4d4b-ade0-a049cd075aee</title>
      <link>https://vulnerability.circl.lu/sighting/512d7528-5f4a-4d4b-ade0-a049cd075aee/export</link>
      <description>{"uuid": "512d7528-5f4a-4d4b-ade0-a049cd075aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "Telegram/zS0m-Smw9tMC2xQZhVRiFtrXmVStzlksgIyfU5bMHDdEXnY", "content": "", "creation_timestamp": "2026-06-09T15:00:06.000000Z"}</description>
      <content:encoded>{"uuid": "512d7528-5f4a-4d4b-ade0-a049cd075aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "published-proof-of-concept", "source": "Telegram/zS0m-Smw9tMC2xQZhVRiFtrXmVStzlksgIyfU5bMHDdEXnY", "content": "", "creation_timestamp": "2026-06-09T15:00:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/512d7528-5f4a-4d4b-ade0-a049cd075aee/export</guid>
      <pubDate>Tue, 09 Jun 2026 15:00:06 +0000</pubDate>
    </item>
    <item>
      <title>48dd0006-b33f-4155-88c7-f2d6109e337b</title>
      <link>https://vulnerability.circl.lu/sighting/48dd0006-b33f-4155-88c7-f2d6109e337b/export</link>
      <description>{"uuid": "48dd0006-b33f-4155-88c7-f2d6109e337b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndhzwkych27", "content": "CVE-2026-48598 - CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection\nCVE ID : CVE-2026-48598\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Improper Encoding or Escaping of Output vulnerability in el...", "creation_timestamp": "2026-06-02T20:53:12.402046Z"}</description>
      <content:encoded>{"uuid": "48dd0006-b33f-4155-88c7-f2d6109e337b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48598", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndhzwkych27", "content": "CVE-2026-48598 - CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection\nCVE ID : CVE-2026-48598\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Improper Encoding or Escaping of Output vulnerability in el...", "creation_timestamp": "2026-06-02T20:53:12.402046Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/48dd0006-b33f-4155-88c7-f2d6109e337b/export</guid>
      <pubDate>Tue, 02 Jun 2026 20:53:12 +0000</pubDate>
    </item>
  </channel>
</rss>
