Auth bypass in L3montree-dev Devguard
CVE-2026-48089
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no member…
Affected products
- L3montree-dev Devguard — versions < 1.4.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)