{"uuid": "cfbe9902-9872-4a82-8d3c-ad1d2a807646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-29200", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116515132214621660", "content": "\ud83d\udea8 CVE-2026-29200: CRITICAL IDOR in WebPros Comet Backup (20.11.0 \u2013 26.1.1, 26.2.1) lets tenant admins impersonate any end user on the server. No patch yet \u2014 restrict admin access and monitor for suspicious cross-tenant activity. https://radar.offseq.com/threat/cve-2026-29200-cwe-639-insecure-direct-object-refe-d3747bfb #OffSeq #infosec #CVE202629200", "creation_timestamp": "2026-05-04T07:30:25.921366Z"}