CVE Catalog

CVE-2026-50875

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

Risk Assessment

Attackers can exploit this vulnerability to alter the webhook configurations of other users, potentially leading to significant disruptions in application functionality.

Recommendation

It is recommended to implement proper access control mechanisms and conduct code reviews to secure the endpoint against unauthorized access.

Original NVD description (English source)

Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS