{"vulnerability": "CVE-2026-54636", "sightings": [{"uuid": "c39a3ee3-98e4-49b8-a6f1-09e5daa87583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54636", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7khj3szc2p", "content": "CVE-2026-54636 - Dokku: OS Command Injection via app.json managed Cron\nCVE ID : CVE-2026-54636\n \n Published : June 26, 2026, 4:23 p.m. | 1\u00a0hour, 21\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json f...", "creation_timestamp": "2026-06-26T18:16:20.003934Z"}, {"uuid": "abb6e671-910b-4c49-a28d-b7fc1c225d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54636", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpe55gm63o2y", "content": "CVE-2026-54636 - Critical OS Command Injection in Dokku. App.json cron commands with shell chars can break container isolation. CVSS 9.0. Update to 0.38.7 immediately. #CVE #Dokku #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-54636/", "creation_timestamp": "2026-06-28T14:01:21.957171Z"}]}