CVE-2026-29200
CriticalSummary
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.
Risk Assessment
This vulnerability poses a serious risk to data security, allowing unauthorized access to user accounts of other tenants. It could lead to data leaks and privacy violations.
Recommendation
It is recommended to immediately update Comet Backup to the latest version to mitigate this vulnerability. Additionally, an audit of tenant administrator permissions should be conducted.
Original NVD description (English source)
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

