VYPR
Critical severityNVD Advisory· Published May 4, 2026· Updated May 6, 2026

CVE-2026-29200

CVE-2026-29200

Description

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.