{"vulnerability": "cve-2026-5538", "sightings": [{"uuid": "ce12634b-7f6d-4f2d-bca1-fe193c211fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5538", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mipulrz63i2i", "content": "", "creation_timestamp": "2026-04-05T04:03:55.284611Z"}, {"uuid": "7896572b-1098-4565-8212-b175028285f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55388", "type": "published-proof-of-concept", "source": "https://github.com/piscinajs/piscina/security/advisories/GHSA-x9g3-xrwr-cwfg", "content": "", "creation_timestamp": "2026-06-16T21:00:59.000000Z"}, {"uuid": "07aa93e7-d2a0-4ac5-b2ce-198dabe86adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55388", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116794762930791425", "content": "Our CTI team identified a lot of activities targeting piscina (CVE-2026-55388) https://vuldb.com/vuln/372590/cti", "creation_timestamp": "2026-06-22T16:44:13.239232Z"}, {"uuid": "744c2327-3c47-4515-86f8-f4eb73e7ec55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55388", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow2fqox5z2c", "content": "CVE-2026-55388 - piscina: Prototype Pollution Gadget \u2192 RCE via inherited options.filename\nCVE ID : CVE-2026-55388\n \n Published : June 22, 2026, 4:50 p.m. | 6\u00a0hours, 19\u00a0minutes ago\n \n Description : piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and...", "creation_timestamp": "2026-06-22T23:35:07.070949Z"}, {"uuid": "01830715-67fc-4a86-82ad-a3bad081b32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55380", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpyv6ureav2v", "content": "CVE-2026-55380 - Pillow GdImageFile decompression bomb protection bypass\nCVE ID : CVE-2026-55380\n \n Published : July 6, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dime...", "creation_timestamp": "2026-07-06T20:04:54.707126Z"}]}