
Augmentt CVE-2026-6356

EUVD-2026-24750 · CRITICAL
Insufficient Granularity of Access Control (CWE-1220)
2026-04-22 · certcc · GHSA-pmj4-wrc3-26hm
CVSS 3.1 score 9.6 (NVD)

Severity by source

NVD (primary): 9.6 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Apr 23, 2026 00:15 · vuln.today · Analysis Generated
Apr 22, 2026 15:22 · NVD · CVSS changed to 9.6 (CRITICAL)
Apr 22, 2026 14:00 · euvd · EUVD ID Assigned: EUVD-2026-24750
Apr 22, 2026 14:00 · vuln.today · Analysis Generated
Apr 22, 2026 13:18 · nvd · CVE Published, CRITICAL 9.6

Description (CVE.org)

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

Analysis (AI)

Privilege escalation in Augmentt 1.0 allows authenticated low-privilege users to manipulate HTTP parameters and gain super administrator access, exposing all tenant data and configurations to unauthorized modification. CVSS 9.6 critical severity with scope change indicates cross-tenant impact potential. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Obtain low-privilege credentials
Delivery: Access Augmentt web app
Exploit: Intercept HTTP request
Install: Manipulate role/privilege parameter
C2: Resubmit modified request
Execute: Gain super admin access
Impact: Access cross-tenant data

Vulnerability Assessment (AI)

Exploitation: The attacker must hold valid Augmentt credentials with at least standard (low-privilege) user access, consistent with the CVSS vector's PR:L (low-privileged authenticated access required). …
Risk Assessment: This represents a critical real-world risk despite requiring initial authentication (PR:L). …
Exploit Scenario: A malicious employee or contractor with standard user credentials logs into the Augmentt platform and intercepts HTTP requests using browser developer tools or a proxy such as Burp Suite. They identify the parameters controlling user role or privilege level (such as 'roleId' or 'isAdmin' fields in API requests) and modify those values to match super administrator privileges before resubmitting the request. …
Remediation: Upgrade to a patched version of Augmentt if the vendor has released one; check https://nvd.nist.gov/vuln/detail/CVE-2026-6356 and contact Augmentt support for current patch status, as no specific fix version is confirmed in the available data. …
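The parameter manipulation described in the Exploit Scenario above is a mass-assignment failure: the server applies role fields from the request body instead of deciding authorization from the caller's stored role and tenant. The following is an added example, not Augmentt's code or vuln.today's; the User type, role names and field sets are hypothetical. It contrasts a vulnerable update handler with a hardened one that allowlists fields, validates every field before applying any, enforces tenant boundaries, and records denied attempts for alerting.

```python
from dataclasses import dataclass

# Hypothetical role lattice; "superadmin" is what the CVE text calls super administrator.
ROLES = {"user": 0, "admin": 1, "superadmin": 2}
SELF_EDITABLE = {"email"}   # fields a user may change on their own record
PRIVILEGED = {"role"}       # fields only a super administrator may change
DENIED: list[str] = []      # audit trail of rejected attempts, for detection/alerting

@dataclass
class User:
    id: int
    tenant: str
    email: str
    role: str = "user"

class AuthorizationError(Exception):
    pass

def vulnerable_update(target: User, body: dict) -> User:
    """Mass assignment: every client-supplied field is applied, so a standard
    user who adds "role": "superadmin" to a profile update escalates."""
    for key, value in body.items():
        setattr(target, key, value)
    return target

def hardened_update(actor: User, target: User, body: dict) -> User:
    """Authorization is decided from the actor's stored role and tenant, never
    from the request body. Every field is checked before any is applied."""
    def deny(reason: str) -> None:
        DENIED.append(f"actor={actor.id} target={target.id} denied: {reason}")
        raise AuthorizationError(reason)

    if actor.tenant != target.tenant and actor.role != "superadmin":
        deny("cross-tenant access")
    for key, value in body.items():
        if key in SELF_EDITABLE:
            if actor.id != target.id and ROLES[actor.role] < ROLES["admin"]:
                deny(f"cannot edit {key!r} of another user")
        elif key in PRIVILEGED:
            if actor.role != "superadmin":
                deny("role change requires super administrator")
            if value not in ROLES:
                deny(f"unknown role {value!r}")
        else:
            deny(f"field {key!r} is not updatable")   # e.g. 'isAdmin': rejected, not applied
    for key, value in body.items():
        setattr(target, key, value)
    return target
```

A rejected attempt to set 'role' or 'isAdmin' from a low-privilege session is exactly the signal worth alerting on, since a legitimate client never sends those fields.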

Recommended Action (AI)

24 hours: Inventory all Augmentt 1.0 deployments and document user privilege levels; implement network segmentation to restrict low-privilege user access to Augmentt administrative interfaces. …

CVE-2026-6356 vulnerability details – vuln.today