CVE-2026-6355

MEDIUM

Augmentt < 1.0 - Insecure Direct Object Reference

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6355. PoCs published by Penguinsecq.

AI-analyzed exploit summary: The repository provides a detailed technical writeup of CVE-2026-6355, an IDOR vulnerability in the Augmentt Web Application allowing cross-tenant access. It includes steps to reproduce, impact analysis, and mitigation recommendations but lacks functional exploit code.

Description

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.

Exploits (1)

nomisec WRITEUP
by Penguinsecq · poc
https://github.com/Penguinsecq/CVE-2026-6355

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Augmentt Web Application (version unknown, released before October 2025)
Auth required
Prerequisites: valid user account · proxy tool for request interception
devstral-2 · analyzed Apr 24, 2026

Scores

CVSS v3 6.5
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-639
Status published
Products (2)
augmentt/augmentt < 2025-10-02
Augmentt/Augmentt 1.0
Published Apr 22, 2026
Tracked Since Apr 22, 2026