CVE-2026-50875
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
Risk Assessment
Attackers can exploit this vulnerability to alter the webhook configurations of other users, potentially leading to significant disruptions in application functionality.
Recommendation
It is recommended to implement proper access control mechanisms and conduct code reviews to secure the endpoint against unauthorized access.
Original NVD description (English source)
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

