{"vulnerability": "CVE-2026-40261", "sightings": [{"uuid": "87237212-af51-4934-9f0d-f16a49933434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://t.me/GithubRedTeam/80653", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-40176-cve-2026-40261\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a daptheHuman\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-17 05:53:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-17T06:00:04.000000Z"}, {"uuid": "00688eac-75c3-4cef-a48c-5844a91da83a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/80512", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a composer-CVE-2026-40261-CVE-2026-40176-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a terminat0r7031\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-16 05:41:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-16T06:00:05.000000Z"}, {"uuid": "06e8cb23-107e-4fe2-a74d-3d1f574660ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116408385891917391", "content": "", "creation_timestamp": "2026-04-15T11:03:26.069721Z"}, {"uuid": "a168372d-1a0e-4064-b3b1-856c07a92fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/packagist.com/post/3mjh4zxgvfk2v", "content": "", "creation_timestamp": "2026-04-14T10:06:19.878687Z"}, {"uuid": "faeaeb58-43ee-499a-8c8f-a863d3cf3330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/tomoyamachi.bsky.social/post/3mjiod7cbf32b", "content": "", "creation_timestamp": "2026-04-15T00:48:18.370711Z"}, {"uuid": "89fb7fc6-6ed5-4fcb-9f90-badce6d60890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjitxvbi6n2t", "content": "", "creation_timestamp": "2026-04-15T02:29:21.626946Z"}, {"uuid": "a7b9bbb0-ea3a-4c7b-9510-4277e14fee2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40261", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mjixvm7nn52b", "content": "", "creation_timestamp": "2026-04-15T03:39:40.347900Z"}, {"uuid": "b863a65f-b11f-4af7-8f23-676ebae4e229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://t.me/thehackernews/8803", "content": "\u26a0\ufe0f ALERT - Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity.\n\nMalicious composer.json or crafted source refs can execute arbitrary commands\u2014even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution.\n\n\ud83d\udd17 Read \u2192 https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html", "creation_timestamp": "2026-04-14T16:04:53.000000Z"}, {"uuid": "df1ce2b2-1e2e-4379-a753-42a955b8b2b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://t.me/true_secator/8107", "content": "\u0412 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0434\u043b\u044f PHP Composer \u0437\u0430\u043a\u0440\u0430\u043b\u0438\u0441\u044c \u0434\u0432\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0434\u0440\u0430\u0439\u0432\u0435\u0440 Perforce VCS (\u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439).\n\n\u041f\u0435\u0440\u0432\u0430\u044f, CVE-2026-40176 (CVSS: 7.8) \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u044e\u0449\u0435\u043c\u0443 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c \u0444\u0430\u0439\u043b\u0435 composer.json, \u043e\u0431\u044a\u044f\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 Perforce VCS, \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0435\u0433\u043e Composer.\n\n\u0412\u0442\u043e\u0440\u0430\u044f, CVE-2026-40261\u00a0(CVSS: 8.8) \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0443\u044e \u043c\u0435\u0442\u0430\u0441\u0438\u043c\u0432\u043e\u043b\u044b \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438.\n\n\u0412 \u043e\u0431\u043e\u0438\u0445 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u0445 Composer \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u044d\u0442\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 Perforce VCS \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d, \u0447\u0442\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438: >= 2.3, < 2.9.6 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.9.6) \u0438 >= 2.0, < 2.2.27 (\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.2.27).\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0435\u0441\u043b\u0438, \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u0432\u043d\u0435\u0441\u0435\u043d\u0438\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u0435\u043d\u043e, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u044b composer.json \u043f\u0435\u0440\u0435\u0434 \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c Composer \u0438 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u043b\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 Perforce, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f.\n\n\u0422\u0430\u043a\u0436\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438 Composer, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b Composer \u0434\u043b\u044f \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432 \u0438 \u0438\u0437\u0431\u0435\u0433\u0430\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 --prefer-dist \u0438\u043b\u0438 preferred-install: dist.\n\nComposer \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u043b\u0430 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 Packagist.org \u0438 \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u0448\u0435\u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u043f\u0443\u0442\u0435\u043c \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0441\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 Perforce.\n\n\u041e\u0436\u0438\u0434\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 Packagist.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043c\u0435\u0440\u044b \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 Perforce \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043d\u0430 Packagist.org \u0441 \u043f\u044f\u0442\u043d\u0438\u0446\u044b, 10 \u0430\u043f\u0440\u0435\u043b\u044f 2026 \u0433\u043e\u0434\u0430. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0432\u0441\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 Composer \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435.", "creation_timestamp": "2026-04-15T15:40:06.000000Z"}, {"uuid": "6bfdce60-4a75-42e8-b5a3-e84f24cea007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/devops-daily.com/post/3mjjd4f5mzg2c", "content": "", "creation_timestamp": "2026-04-15T07:00:18.675599Z"}, {"uuid": "562a6dc8-c583-4e84-94ae-86aff26115d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "Telegram/ajbOyvFAewWZ2L70l5GRQuj2w_RnDYaN4zfpEHfJ_h7NMuY", "content": "", "creation_timestamp": "2026-04-15T23:27:35.000000Z"}, {"uuid": "e66a3c1c-2b04-408b-8e95-aab52aa2bf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/mrpunyapal.dev/post/3mjkr2ewmb225", "content": "", "creation_timestamp": "2026-04-15T20:42:30.863928Z"}, {"uuid": "9467865c-676f-4fd2-b1ca-39bb954851e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/mrpunyapal.dev/post/3mjkr2hrv5s25", "content": "", "creation_timestamp": "2026-04-15T20:42:31.706959Z"}, {"uuid": "f9f22540-eafb-4918-af98-c54e2e5a1dd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116410980213971611", "content": "", "creation_timestamp": "2026-04-15T22:03:11.968395Z"}, {"uuid": "83c2a59b-1f65-403e-b108-bf2010525aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjkydkcjsu2k", "content": "", "creation_timestamp": "2026-04-15T22:52:47.140266Z"}, {"uuid": "775d8702-f565-4a18-8ad1-5dc76e41a0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3mjp6utqoss2g", "content": "", "creation_timestamp": "2026-04-17T15:00:29.722261Z"}, {"uuid": "4c7f0827-d7ce-4197-bf8b-680fa644435d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkds2vqa2t2p", "content": "", "creation_timestamp": "2026-04-25T19:37:07.683645Z"}, {"uuid": "7fc6e23a-3fce-4e51-b835-abceb24329be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mknjafwaxg2f", "content": "Composer (PHP package manager) shipped 2.9.6 in April with two command-injection fixes in its Perforce driver. CVE-2026-40261, severity 8.8. A malicious composer.json runs the shell whether or not Perforce is installed. Most CI teams keep no audit trail.\n\n#PHP #CyberSecurity #DevOps", "creation_timestamp": "2026-04-29T16:25:46.239382Z"}]}