CVE-2026-29200

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

CWE	CWE-639
Vendor	webpros
Product	comet backup
Published	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for webpros comet backup

Be the first to know when new unknown vulnerabilities affecting webpros comet backup are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

WebPros / Comet Backup

20.11.0 < 26.1.2 26.2.0 < 26.2.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.cometbackup.com: https://support.cometbackup.com/hc/en-us/articles/40090945484823--CVE-2026-29200-%D0%A1ritical-IDOR-vulnerability-in-Comet-Backup