What is CVE-2026-6355?

CVE-2026-6355 is a medium-severity vulnerability in Augmentt, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.5/10. Published 2026-04-22.

How severe is CVE-2026-6355?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2026-6355 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Augmentt

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive informat…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (14.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Augmentt — versions 1.0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

Public proof-of-concept exploits

Penguinsecq/CVE-2026-6355

References

cret@cert.org (Third Party Advisory)

Frequently asked questions

What is CVE-2026-6355?: CVE-2026-6355 is a medium-severity vulnerability in Augmentt, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.5/10. Published 2026-04-22.
How severe is CVE-2026-6355?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2026-6355 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.