Vulnerability in L3montree-dev Devguard

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when…

EPSS: 0.001 (20.5th percentile) — read the EPSS interpretation.

Affected products

L3montree-dev Devguard — versions < 1.2.2

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM)