CVE Catalog

CVE-2026-29200

Critical
Published: Translated: NVD NIST

Summary

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Risk Assessment

This vulnerability poses a serious risk to data security, allowing unauthorized access to user accounts of other tenants. It could lead to data leaks and privacy violations.

Recommendation

It is recommended to immediately update Comet Backup to the latest version to mitigate this vulnerability. Additionally, an audit of tenant administrator permissions should be conducted.

Original NVD description (English source)

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS