{"vulnerability": "CVE-2026-4926", "sightings": [{"uuid": "3dd28cd5-18a0-4ff3-98de-b56b1adb7610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3mhybqr5nz227", "content": "", "creation_timestamp": "2026-03-26T18:55:29.810898Z"}, {"uuid": "e0227e74-a132-42d4-ab78-e6321e8651a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhyfjwhnel27", "content": "", "creation_timestamp": "2026-03-26T20:03:12.665976Z"}, {"uuid": "45866c07-3361-4832-a12d-52c22eba1dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyirqieyp2m", "content": "", "creation_timestamp": "2026-03-26T21:01:16.638369Z"}, {"uuid": "c3b94e2e-eedf-49b4-8df3-91e21b7d796b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4926", "type": "seen", "source": "Telegram/knkV6U7RC4OpKxR0GhJKoJS2C9Z__Lnhn5rNmC0CAguDvjk", "content": "", "creation_timestamp": "2026-03-26T21:36:49.000000Z"}, {"uuid": "d0aaac56-2aab-4f04-8637-3616e44a3e5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49269", "type": "seen", "source": "https://gist.github.com/scndls/9cbe31f2b0b1578eaeb311e601335355", "content": "This issue affects Apple M1 systems. I confirmed it on an Apple M1 MacBook Air (MacBookAir10,1) running macOS 26.3.1 (25D2128), with SIP enabled, no root access, and no special entitlements beyond App Sandbox.\n\nThe issue is a cross-process information disclosure caused by residual GPU register state. Apple M1 GPUs can leave register values behind between compute shader dispatches from different processes.\n\nThis is a sandbox boundary issue. In my proof of concept, one sandboxed app (`GPUVictim.app`) generates a fresh random 128-bit secret with `SecRandomCopyBytes` and loads it into GPU registers. A second sandboxed\napp (`GPUAttacker.app`), running as a separate sandboxed process, recovers that secret from stale GPU register state.\n\nThe two apps do not share files, memory, IPC, sockets, XPC, pasteboard, IOSurface, MTLSharedEvent, or special permissions. The attacker writes the recovered values into its own Metal output buffer, but the values\ncame from the victim process.\n\nThe security impact is confidentiality loss across app sandbox boundaries. If sensitive data is processed by GPU code and reaches GPU registers, a separate sandboxed process may be able to recover that data\nlater. Depending on the victim workload, this kind of data could include application secrets, API tokens, password-derived material, private user data, or other values that should remain confined to the victim\nprocess.\n\nIn automated testing, the attacker recovered the exact 128-bit victim secret in 20 out of 20 positive trials, with a fresh random secret each time. Attacker-only negative controls did not recover the victim\nsecret.\n\nA video demonstration is available here:\n\nhttps://youtu.be/Wzh9ZHjyxK8\n\nApple disputed CVE assignment and stated that the behavior was addressed at the hardware level in current-generation Apple Silicon. MITRE TL-Root reviewed the dispute and determined that the issue meets the\ncriteria for CVE assignment. MITRE instructed publication of CVE-2026-49269 as a disputed CVE record.\n", "creation_timestamp": "2026-05-29T08:25:41.000000Z"}, {"uuid": "1a076b4b-fbe0-4156-9306-6bc3311699df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49267", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5lqqqiav2d", "content": "CVE-2026-49267: Apache Airflow: No certificate validation on SMTP STARTTLS connections", "creation_timestamp": "2026-05-31T12:43:41.009829Z"}]}