CVE-2026-29200

Vulnerability Description

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Related Weaknesses (CWE)

CWE-639

References

https://support.cometbackup.com/hc/en-us/articles/40090945484823--CVE-2026-29200

FAQ

What is CVE-2026-29200?

CVE-2026-29200 is a documented vulnerability. A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user ...

How severe is CVE-2026-29200?

CVSS scoring is not yet available for CVE-2026-29200. Check NVD for updates.

Is there a patch for CVE-2026-29200?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.