CVE-2026-6355

MEDIUM

Augmentt < 1.0 - IDOR

Title source: rule

Description

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.

Exploits (1)

nomisec WRITEUP

by Penguinsecq · poc

https://github.com/Penguinsecq/CVE-2026-6355

View Code ZIP pw:eip

References (1)

https://github.com/Penguinsecq/CVE-2026-6355/

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

Status published

Products (1)

Augmentt/Augmentt 1.0

Published Apr 22, 2026

Tracked Since Apr 22, 2026