Auth bypass in Webpros Comet Backup

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same se…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (19.1th percentile) — read the EPSS interpretation.