Security Advisory

CVE-2026-30825

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-07 05:13:13

Last updated 2026-03-09 20:42:45

Assigner GitHub_M

State PUBLISHED

Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other users PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.

← Browse all CVEs View on cve.org ↗