Hoppscotch
Monthly
hoppscotch is an open source API development ecosystem. [CVSS 6.5 MEDIUM]
Hoppscotch prior to version 2026.2.0 contains authorization bypass vulnerabilities in its environment management APIs that allow any authenticated user to read, modify, or delete other users' environments without ownership validation. The affected mutations lack proper user identity verification, enabling attackers to access stored API keys, authentication tokens, and secrets contained within targeted environments. Public exploit code exists for this vulnerability and no patch is currently available.
Unauthenticated infrastructure overwrite in Hoppscotch API development ecosystem before 2026.2.0. Attackers can overwrite the entire infrastructure configuration. PoC available.
hoppscotch is an open source API development ecosystem. [CVSS 6.5 MEDIUM]
Hoppscotch prior to version 2026.2.0 contains authorization bypass vulnerabilities in its environment management APIs that allow any authenticated user to read, modify, or delete other users' environments without ownership validation. The affected mutations lack proper user identity verification, enabling attackers to access stored API keys, authentication tokens, and secrets contained within targeted environments. Public exploit code exists for this vulnerability and no patch is currently available.
Unauthenticated infrastructure overwrite in Hoppscotch API development ecosystem before 2026.2.0. Attackers can overwrite the entire infrastructure configuration. PoC available.