{"vulnerability": "cve-2026-5560", "sightings": [{"uuid": "d0a0a45a-aa12-40f7-b820-3baa36683c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5560", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3miqs3e4njf23", "content": "", "creation_timestamp": "2026-04-05T12:51:36.358435Z"}, {"uuid": "e44eea52-fb1e-447a-9fc9-d49ec100d908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55603", "type": "published-proof-of-concept", "source": "https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm", "content": "", "creation_timestamp": "2026-06-17T17:17:39.000000Z"}, {"uuid": "97e4e824-c017-4b43-b75f-ff267c5a0fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55602", "type": "published-proof-of-concept", "source": "https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj", "content": "", "creation_timestamp": "2026-06-17T17:17:28.000000Z"}, {"uuid": "ba0068d4-71b2-46ba-b1c9-f50f336e6cc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55603", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mox25jonrk2t", "content": "CVE-2026-55603 - CRLF Injection in Http-proxy-middleware. CVSS 7.5. Allows header manipulation via multipart form data. No patch available yet. Mitigate by avoiding untrusted input in body parsers. #CVE #infosec #nodejs\n\nhttps://www.valtersit.com/cve/CVE-2026-55603/", "creation_timestamp": "2026-06-23T09:03:07.163423Z"}]}