← Voltar para CVEs
CVE-2026-30825
NONE0.0
Descricao
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.
Detalhes CVE
Pontuacao CVSS v3.10.0
SeveridadeNONE
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/7/2026
Ultima modificacao3/11/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
hoppscotch:hoppscotch
Fraquezas (CWE)
CWE-639
Referencias
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.1(security-advisories@github.com)
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7pfq-mwj3-xw9h(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.