{"vulnerability": "cve-2026-57807", "sightings": [{"uuid": "2dd5ca91-708d-4575-938d-7595ebe21d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqd5js45ha2w", "content": "\ud83d\udd34 CVE-2026-57807 - Critical (9.8)\n\nAuthentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Sof...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-57807/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T22:00:48.866242Z"}, {"uuid": "6ae77f09-571f-490a-89c7-0bc64d17c3be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqdbxlqail22", "content": "CVE-2026-57807 - oauth single sign on - sso (oauth client)\nA security issue in miniOrange's OAuth Single Sign On (SSO) software allows attackers to bypass authentication using an alternative method. This affects all versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T23:20:06.351104Z"}, {"uuid": "5db1ac1b-5fd3-4823-a374-673ddf3b3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmq2jue32e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-57807 \u0432 miniOrange: \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b\n\n\n\nhttps://kripta.biz/posts/6228B95A-3683-4D68-A0DF-456519ACB9CF", "creation_timestamp": "2026-07-11T02:32:44.578138Z"}, {"uuid": "6520bdb9-8fcc-4cb2-a602-466bc3e9031a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899107707038521", "content": "CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (&lt;=38.5.8). Exploit via password recovery threatens full compromise. No patch yet \u2014 monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #CVE202657807 #OAuth #Security", "creation_timestamp": "2026-07-11T03:00:26.831919Z"}, {"uuid": "d1bd056c-5392-46f5-83c9-ea2e583ec713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdobmy6nq2d", "content": "miniOrange OAuth SSO (&lt;=38.5.8) is affected by CRITICAL CVE-2026-57807: authentication bypass via password recovery. No patch \u2014 watch for updates and secure affected systems. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #OAuth #Vulner...", "creation_timestamp": "2026-07-11T03:00:28.627120Z"}]}