NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-29200

Summary	A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.
Publication Date	May 4, 2026, 4:16 p.m.
Registration Date	May 5, 2026, 4:06 a.m.
Last Update	May 4, 2026, 4:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://support.cometbackup.com/hc/en-us/articles/40090945484823--CVE-2026-29200-%D0%A1ritical-IDOR-vulnerability-in-Comet-Backup	support@hackerone.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html