CVE-2026-30825
NONE 0.0
Description
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.
CVE details
CVSS v3.1 score: 0.0
Severity: NONE
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/7/2026
Last modified: 3/11/2026
Source: nvd
Honeypot sightings: 0
Affected products
hoppscotch:hoppscotch
Weaknesses (CWE)
CWE-639
References
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.1 (security-advisories@github.com)
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7pfq-mwj3-xw9h (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.