Skip to main content

Comet Backup

2 CVEs product

Monthly

CVE-2026-32999 CRITICAL PATCH Act Now

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. Combined with a Scope:Changed CVSS:3.1 score of 9.0, successful exploitation pivots from a single tenant context into the underlying server and downstream endpoints.

RCE Code Injection Comet Backup
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-29200 CRITICAL PATCH Act Now

Tenant administrators in Comet Backup 20.11.0 through 26.1.1 and 26.2.1 can impersonate any end-user account across different tenants on the same server through an insecure direct object reference (IDOR) in an API endpoint. The vulnerability enables complete cross-tenant authentication bypass in multi-tenant deployments, allowing unauthorized access to backup data, configurations, and operations of arbitrary users. With CVSS 9.9 (Critical) rating and network-accessible exploitation requiring no privileges, this represents an immediate risk to managed service providers and multi-tenant Comet Backup installations, though no active exploitation has been confirmed via CISA KEV at time of analysis.

Authentication Bypass Comet Backup
NVD
CVSS 4.0
9.9
EPSS
0.0%
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in Comet Backup server allows a tenant administrator to inject arbitrary code into the backup agent signing module via insufficient character filtering, ultimately running code with elevated privileges on the Comet server and on connected backup agent devices. The vendor advisory links the issue to the branding configuration path, and no public exploit has been identified at time of analysis. Combined with a Scope:Changed CVSS:3.1 score of 9.0, successful exploitation pivots from a single tenant context into the underlying server and downstream endpoints.

RCE Code Injection Comet Backup
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Tenant administrators in Comet Backup 20.11.0 through 26.1.1 and 26.2.1 can impersonate any end-user account across different tenants on the same server through an insecure direct object reference (IDOR) in an API endpoint. The vulnerability enables complete cross-tenant authentication bypass in multi-tenant deployments, allowing unauthorized access to backup data, configurations, and operations of arbitrary users. With CVSS 9.9 (Critical) rating and network-accessible exploitation requiring no privileges, this represents an immediate risk to managed service providers and multi-tenant Comet Backup installations, though no active exploitation has been confirmed via CISA KEV at time of analysis.

Authentication Bypass Comet Backup
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy