CVE-2026-29200

Published: May 04, 2026
Last Modified: May 04, 2026
CRITICAL 9.9
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

CWE-639: Authorization Bypass Through User-Controlled Key

Incomplete
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism; Gain Privileges or Assume Identity
Applicable Platforms
All platforms may be affected
https://support.cometbackup.com/hc/en-us/articles/40090945484823--CVE-2026-2920…