{"vulnerability": "CVE-2026-2920", "sightings": [{"uuid": "6e72c41d-5506-4280-8dd9-ee0e9b12ce1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2920", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-26-164/", "content": "", "creation_timestamp": "2026-03-06T05:00:00.000000Z"}, {"uuid": "cb935c63-4034-4319-9151-e9f067ca5769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-2920", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-gstreamer-patch-immediately", "content": "", "creation_timestamp": "2026-03-16T15:47:07.000000Z"}, {"uuid": "04745430-d449-4e58-9409-fb775715c8e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2920", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhcqhjr63r2l", "content": "", "creation_timestamp": "2026-03-18T05:20:09.854439Z"}, {"uuid": "cfbe9902-9872-4a82-8d3c-ad1d2a807646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-29200", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116515132214621660", "content": "\ud83d\udea8 CVE-2026-29200: CRITICAL IDOR in WebPros Comet Backup (20.11.0 \u2013 26.1.1, 26.2.1) lets tenant admins impersonate any end user on the server. No patch yet \u2014 restrict admin access and monitor for suspicious cross-tenant activity. \nhttps://radar.offseq.com/threat/cve-2026-29200-cwe-639-insecure-direct-object-refe-d3747bfb #OffSeq #infosec #CVE202629200", "creation_timestamp": "2026-05-04T07:30:25.921366Z"}, {"uuid": "08159aad-0b0c-4bdc-a771-f3fd527ea78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-29200", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkz5ns63hh2o", "content": "CRITICAL: WebPros Comet Backup (20.11.0 \u2013 26.1.1, 26.2.1) has an IDOR flaw letting tenant admins impersonate end users across tenants. No patch yet \u2014 restrict admin rights & monitor activity. https://radar.offseq.com/threat/cve-2026-29200-cwe-639-insecure-direct-object-refe-d3747bfb #OffSeq #CVE2...", "creation_timestamp": "2026-05-04T07:30:28.016407Z"}, {"uuid": "b70defb7-4d89-4df7-802d-4a31e363cb92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-29200", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkzp7q7ikj2g", "content": "CVE-2026-29200: A 9.9 CVSS Comet Backup Flaw Granting Total Cross-Tenant Takeover", "creation_timestamp": "2026-05-04T12:44:43.271634Z"}]}