CVE-2026-1496

by Fred · 27/03/2026

Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication. Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user’s Coverity Connect account.

More information : https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496

CVE-2026-1496

Similar

Recent Posts

Categories

CVE-2026-1496

Share this:

Similar

Recent Posts

Categories

Tags