CVE-2026-29200

Published: May 4, 2026

Modified: May 4, 2026

PUBLISHED

Description

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Vendor	Product	Versions
WebPros	Comet Backup	affected `20.11.0 - < 26.1.2` affected `26.2.0 - < 26.2.2`

Weaknesses (CWE)

CWE-639

References

https://support.cometbackup.com/hc/en-us/articles/40090945484823--CVE-2026-29200-%D0%A1ritical-IDOR-vulnerability-in-Comet-Backup

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-29200

Description

Affected Products

Weaknesses (CWE)

References