{"vulnerability": "cve-2026-10539", "sightings": [{"uuid": "93c80ba0-5428-48f6-882e-379cdca4746a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10539", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116843900249979266", "content": "CVE-2026-10539: CRITICAL auth bypass in BMC Control-M/Server (v9.0.20 \u2013 9.0.21.200). Unauthenticated attackers can execute commands. Patch status unconfirmed \u2014 monitor vendor. https://radar.offseq.com/threat/cve-2026-10539-cwe-305-authentication-bypass-by-pr-1a4c43a69f0e2740 #OffSeq #CVE202610539 #infosec #vuln", "creation_timestamp": "2026-07-01T09:00:27.839728Z"}, {"uuid": "78801514-50dd-43b0-91df-c000f17bc688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10539", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpl5q6s6c62x", "content": "CRITICAL authentication bypass (CVE-2026-10539) in BMC Control-M/Server v9.0.20 \u2013 9.0.21.200 allows unauthenticated command execution. Patch status unconfirmed \u2014 check vendor updates. https://radar.offseq.com/threat/cve-2026-10539-cwe-305-authentication-bypass-by-pr-1a4c43a69f0e2740 #OffSeq #CVE2...", "creation_timestamp": "2026-07-01T09:00:30.013901Z"}, {"uuid": "af98b248-d8c5-4d9c-b2d0-07c41fdf0970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10539", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6gnb47x2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-10539 \u0432 Control-M/Server: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/DE108861-9DE6-4279-9002-C50AB03D06B0", "creation_timestamp": "2026-07-01T09:13:02.992289Z"}, {"uuid": "d0630cd4-36f7-4000-87a4-749c21a8b3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10539", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpl7yvpcaj2i", "content": "CVE-2026-10539 - Unauthenticated command injection in Control-M/Server communication command\nCVE ID : CVE-2026-10539\n \n Published : July 1, 2026, 7:55 a.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : A Control-M/Server communication command does not sufficiently filter or saniti...", "creation_timestamp": "2026-07-01T09:41:09.252341Z"}]}