Auth bypass in Hypr Server

CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (20.3th percentile) — read the EPSS interpretation.

Affected products

Hypr Server — versions 9.5.2

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

www.hypr.com/trust-center/security-advisories