CVE-2026-30825

Unknown CVSS: -

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.

Vendor

Hoppscotch

Product

Hoppscotch

CWE

CWE-639

Yayın Tarihi

2026-03-07 06:16:10

Güncelleme

2026-03-11 19:01:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Hoppscotch Hoppscotch 2026

Referanslar

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.1 https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7pfq-mwj3-xw9h

Benzer Kayıtlar

High

CVE-2026-28216

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify o…

Medium

CVE-2026-28217

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query ac…

Critical

CVE-2026-28215

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overw…