Augmentt EUVD-2026-24748

| CVE-2026-6355 MEDIUM
2026-04-22 certcc
Authentication Bypass Information Disclosure Augmentt
6.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 23, 2026 - 00:17 vuln.today
CVSS changed
Apr 22, 2026 - 15:22 NVD
6.5 (MEDIUM)

DescriptionNVD

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.

AnalysisAI

Insecure direct object references in Augmentt 1.0 allow unauthenticated remote attackers to access and modify sensitive tenant data across different organizational contexts, bypassing authentication mechanisms through direct manipulation of object identifiers. The vulnerability enables both unauthorized information disclosure and modification of tenant configuration with CVSS 6.5 (medium severity); no public exploit code has been identified at the time of analysis, though the attack is automatable and requires no user interaction.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-24748 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy