CVE-2026-30825 — NONE (0.0)

Q: How severe is CVE-2026-30825?

CVE-2026-30825 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-30825?

Check the references section above for vendor advisories and patch information. Affected products include: Hoppscotch Hoppscotch.

Vulnerability Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.

CVSS Score

0.0

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hoppscotch	Hoppscotch	< 2026.2.1

Related Weaknesses (CWE)

CWE-639

References

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.1ProductRelease Notes
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7pfq-mwj3-xw9hVendor Advisory

FAQ

What is CVE-2026-30825?

CVE-2026-30825 is a vulnerability with a CVSS score of 0.0 (NONE). hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providin...

How severe is CVE-2026-30825?

CVE-2026-30825 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-30825?

Check the references section above for vendor advisories and patch information. Affected products include: Hoppscotch Hoppscotch.