Byte Open Security (ByteOS Network)

Vulnerability Details: CVE-2026-1496

Summary
Assigner: BlackDuck
Assigner Org ID: 8cad7728-009c-4a3d-a95e-ca62e6ff8a0b
Published At: 27 Mar, 2026 | 14:14
Updated At: 27 Mar, 2026 | 14:36
Rejected At: -

Coverity CLI Authentication Bypass

Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for the command-line tooling, which makes them vulnerable to an authentication bypass. A malicious actor with network access to the /token API endpoint who knows or guesses a valid username can send a specially crafted HTTP request to bypass authentication. Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user's Coverity Connect account. No password and no prior privilege are required (the CVSS vector scores PR:N), so an administrative account is exposed as soon as its username is known or guessed; the scored impact is on confidentiality and integrity of the Coverity Connect instance (VC:H/VI:H), not on availability (VA:N).

Common Vulnerabilities and Exposures (CVE) record (cve.org)

CVE Numbering Authority (CNA): BlackDuck (Assigner Org ID 8cad7728-009c-4a3d-a95e-ca62e6ff8a0b)

Affected Products
Vendor: Black Duck
Product: Coverity
Default Status: unaffected
Versions
Affected:
  • From 2024.3.0 before 2025.12.0 (custom)
Unaffected:
  • 2024.3.0A
  • 2024.3.1A
  • 2024.3.2A
  • 2024.6.0A
  • 2024.6.1A
  • 2024.9.0A
  • 2024.9.1A
  • 2024.12.0A
  • 2024.12.1A
  • 2024.12.2
  • 2025.3.0A
  • 2025.3.1A
  • 2025.3.2
  • 2025.6.0A
  • 2025.6.2A
  • 2025.6.4
  • 2025.9.0A
  • 2025.9.2A
  • 2025.9.3
  • 2025.12.0A
  • 2025.12.1
Problem Types
Type: CWE
CWE ID: CWE-639
Description: Authorization Bypass Through User-Controlled Key
Metrics
CVSS Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Impacts
CAPEC ID: CAPEC-384
Description: Application API Message Manipulation via Man-in-the-Middle
Note: the CNA's CAPEC mapping names a man-in-the-middle pattern, but the description above requires only direct network access to the /token endpoint and a valid username; no interception of traffic is needed, so do not scope detection or mitigation to the network path alone.
Solutions

Customers are recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy the documented mitigations (blocking the /token endpoint and WAF/IDS/IPS rules; see References).

Patched versions:
  • 2025.12.1
  • 2025.12.0A
  • 2025.9.2A
  • 2025.9.0A
  • 2025.6.2A
  • 2025.6.0A
  • 2025.3.1A
  • 2025.3.0A
  • 2024.12.1A
  • 2024.12.0A
  • 2024.9.1A
  • 2024.9.0A

Full installers:
  • 2025.12.1
  • 2025.9.3
  • 2025.6.4
  • 2025.3.2
  • 2024.12.2
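
Because the affected range in this record (from 2024.3.0 before 2025.12.0) contains the patched hotfix builds as exceptions, a plain range comparison misreports a patched 2025.6.2A as vulnerable. The following script is an added example, not Black Duck's code: it encodes the affected range, the unaffected builds and the patched versions listed in this record, and answers, for a given version string, whether it is affected and which listed build on the same release train is the nearest upgrade. The version grammar (MAJOR.MINOR.PATCH with an optional trailing hotfix letter) is inferred from the listed versions, and the "same release train first" upgrade rule is this example's own assumption, not vendor policy. Note also that the record names 2025.12.0A among the patched builds while its affected range stops before 2025.12.0; the script follows the range as stated, so confirm a plain 2025.12.0 against the vendor advisory rather than relying on the range alone.

```python
"""Affected-version check for CVE-2026-1496 (Coverity Connect).

Added example, not Black Duck's code. The affected range, the explicitly
unaffected builds and the patched versions are copied from the CVE record;
the version grammar (MAJOR.MINOR.PATCH plus optional hotfix letter, e.g.
"2025.6.2A") is inferred from those listed versions.
"""
import re
from typing import List, Optional, Tuple

Nums = Tuple[int, int, int]

# Record: "From 2024.3.0 before 2025.12.0" (lower bound inclusive, upper exclusive).
AFFECTED_FROM: Nums = (2024, 3, 0)
AFFECTED_BEFORE: Nums = (2025, 12, 0)

# Builds the record lists as unaffected. Several sit inside the numeric range
# above, so a range comparison alone would misreport them as vulnerable.
UNAFFECTED = {
    "2024.3.0A", "2024.3.1A", "2024.3.2A",
    "2024.6.0A", "2024.6.1A",
    "2024.9.0A", "2024.9.1A",
    "2024.12.0A", "2024.12.1A", "2024.12.2",
    "2025.3.0A", "2025.3.1A", "2025.3.2",
    "2025.6.0A", "2025.6.2A", "2025.6.4",
    "2025.9.0A", "2025.9.2A", "2025.9.3",
    "2025.12.0A", "2025.12.1",
}

# Patched builds and full installers from the record's Solutions section.
# Note: 2025.12.0A is listed as patched although 2025.12.0 itself falls outside
# the stated affected range; this script follows the range as written.
PATCHED = [
    "2025.12.1", "2025.12.0A", "2025.9.2A", "2025.9.0A", "2025.6.2A",
    "2025.6.0A", "2025.3.1A", "2025.3.0A", "2024.12.1A", "2024.12.0A",
    "2024.9.1A", "2024.9.0A",
]
FULL_INSTALLERS = ["2025.12.1", "2025.9.3", "2025.6.4", "2025.3.2", "2024.12.2"]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([A-Za-z])?$")


def parse_version(text: str) -> Tuple[Nums, str]:
    """'2025.6.2A' -> ((2025, 6, 2), 'A'); '2025.6.4' -> ((2025, 6, 4), '')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Coverity version string: {text!r}")
    nums = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return nums, (m.group(4) or "").upper()


def is_affected(version: str) -> bool:
    """True if the build is inside the affected range and not an exempted build."""
    nums, suffix = parse_version(version)
    if f"{nums[0]}.{nums[1]}.{nums[2]}{suffix}" in UNAFFECTED:
        return False
    return AFFECTED_FROM <= nums < AFFECTED_BEFORE


def recommended_upgrade(version: str) -> Optional[str]:
    """Nearest listed fix on the same MAJOR.MINOR release train, or the newest
    full installer when the train has no listed fix. None if not affected.
    (The "same train first" rule is this example's assumption, not vendor policy.)"""
    if not is_affected(version):
        return None
    nums, _ = parse_version(version)
    candidates: List[Tuple[Nums, str, str]] = []
    for cand in set(PATCHED) | set(FULL_INSTALLERS):
        c_nums, c_suffix = parse_version(cand)
        if c_nums[:2] == nums[:2] and c_nums >= nums:
            candidates.append((c_nums, c_suffix, cand))
    if candidates:
        return min(candidates)[2]  # lowest listed build that is still >= current
    return max(FULL_INSTALLERS, key=lambda v: parse_version(v)[0])


def audit(versions: List[str]) -> List[Tuple[str, bool, Optional[str]]]:
    """Batch form for an inventory export: (version, affected?, upgrade target)."""
    return [(v, is_affected(v), recommended_upgrade(v)) for v in versions]


if __name__ == "__main__":
    for row in audit(["2024.2.9", "2025.6.1", "2025.6.2A", "2025.12.0", "2024.6.1"]):
        print(row)
```

Feed `audit()` the version strings from your Coverity Connect inventory; a build on the 2024.3 or 2024.6 trains has no listed patched build and is pointed at the newest full installer, which is a larger upgrade than a hotfix and should be planned accordingly.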

Credits
Finder: Huong Kieu from Cenobe
References
  • https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496 (vendor-advisory)
  • https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect (vendor-advisory, mitigation)
  • https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance (vendor-advisory, mitigation)
  • https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer (related)
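
The vendor's mitigation references cover blocking the /token endpoint and WAF/IDS/IPS rules, and the linked usage-log analyzer is for reviewing Coverity Connect activity. Before blocking the endpoint you need an inventory of who legitimately uses it (typically CI build agents committing analysis results) and of which sources outside that set were issued tokens. The script below is an added example, not the vendor's analyzer: it parses reverse-proxy access logs in the common "combined" format, groups /token requests by source address, and reports sources outside an assumed trusted build network, separately listing those that received a 200 from /token. The log lines are constructed for illustration; the log format, the path match on a path ending in "/token" (the record names the endpoint only as "/token"), and the trusted network 10.20.0.0/24 are assumptions to adapt to your deployment.

```python
"""Inventory callers of the Coverity Connect /token endpoint from proxy access
logs before blocking the endpoint.

Added example, not Black Duck's Coverity-Usage-Log-Analyzer. Assumptions:
the proxy writes Apache/nginx "combined" format, the endpoint path ends in
"/token" (the record names the endpoint only as "/token"), and legitimate CLI
token requests originate from the build network TRUSTED_NETS. The sample log
below is constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed: the build/CI segment from which cov-* CLI tools normally authenticate.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample: one CI runner on the trusted network, one outside host
# that sends several /token requests and eventually receives a 200.
SAMPLE_LOG = """\
10.20.0.15 - - [27/Mar/2026:14:20:01 +0000] "POST /token HTTP/1.1" 200 512 "-" "cov-commit-defects"
10.20.0.15 - - [27/Mar/2026:14:25:07 +0000] "POST /api/v2/streams HTTP/1.1" 200 2048 "-" "cov-commit-defects"
203.0.113.44 - - [27/Mar/2026:14:30:12 +0000] "POST /token HTTP/1.1" 401 87 "-" "python-requests/2.31"
203.0.113.44 - - [27/Mar/2026:14:30:13 +0000] "POST /token HTTP/1.1" 401 87 "-" "python-requests/2.31"
203.0.113.44 - - [27/Mar/2026:14:30:14 +0000] "POST /token HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.44 - - [27/Mar/2026:14:31:02 +0000] "GET /reports/ HTTP/1.1" 200 9000 "-" "python-requests/2.31"
this line is not in combined format and is skipped
"""


def parse_log(lines: Iterable[str]) -> List[dict]:
    """Parse combined-format lines; lines that do not match are dropped."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_token_request(path: str) -> bool:
    # Strip the query string, then match the endpoint name from the record.
    return path.split("?", 1)[0].rstrip("/").endswith("/token")


def is_trusted(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def token_callers(entries: List[dict]) -> Dict[str, dict]:
    """Per source IP: /token hit count, status histogram, user agents, trust flag."""
    stats: Dict[str, dict] = {}
    for e in entries:
        if not is_token_request(e["path"]):
            continue
        s = stats.setdefault(e["ip"], {
            "hits": 0, "statuses": defaultdict(int), "agents": set(),
            "trusted": is_trusted(e["ip"]),
        })
        s["hits"] += 1
        s["statuses"][e["status"]] += 1
        s["agents"].add(e["ua"])
    return stats


def untrusted_token_sources(entries: List[dict]) -> List[str]:
    """Every source outside TRUSTED_NETS that reached /token at all."""
    return sorted(ip for ip, s in token_callers(entries).items() if not s["trusted"])


def untrusted_token_grants(entries: List[dict]) -> List[str]:
    """Untrusted sources that received a 200 from /token, i.e. were issued a
    token from outside the build network. Review these first."""
    return sorted(
        ip for ip, s in token_callers(entries).items()
        if not s["trusted"] and s["statuses"].get("200", 0) > 0
    )


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG.splitlines())
    for ip, s in token_callers(parsed).items():
        print(ip, "trusted" if s["trusted"] else "UNTRUSTED", dict(s["statuses"]), sorted(s["agents"]))
    print("untrusted sources issued a token:", untrusted_token_grants(parsed))
```

Run it over the proxy logs covering the window since 2024.3.0 was deployed; the trusted set becomes the allow list for the vendor's block-the-endpoint instructions, and any address in `untrusted_token_grants()` identifies sessions whose account activity in Coverity Connect should be reviewed, since a token issued to an unexpected source is the observable outcome of the bypass described in this record.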
Authorized Data Publishers (ADP): CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD) record (nvd.nist.gov)
Source: disclosure@synopsys.com
Published At: 27 Mar, 2026 | 15:16
Updated At: 30 Mar, 2026 | 13:26

CISA Catalog: N/A (Date Added, Due Date, Vulnerability Name, Required Action all N/A)
Metrics
Type: Secondary
CVSS Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weaknesses
CWE ID: CWE-639 (Type: Secondary; Source: disclosure@synopsys.com)
References (source: disclosure@synopsys.com; resource type N/A)
  • https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496
  • https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect
  • https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance
  • https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer

Change History: information is not available yet.

Similar CVEs

2 records found

CVE-2026-41947 (matching score 4)
Assigner: VulnCheck
CVSS Score: 9.3 (CRITICAL)
EPSS: 0.04% (percentile 11.66%), 7-day change ~0.00%
Published: 18 May, 2026 | 13:48
Updated: 02 Jun, 2026 | 13:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.

Action: Not Available
Vendor: langgenius (dify)
Product: dify
CWE ID: CWE-639 Authorization Bypass Through User-Controlled Key

CVE-2026-25197 (matching score 4)
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 9.3 (CRITICAL)
EPSS: 0.04% (percentile 12.31%), 7-day change +0.01%
Published: 03 Apr, 2026 | 20:23
Updated: 22 Apr, 2026 | 18:08
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Gardyn Cloud API Authorization Bypass Through User-Controlled Key

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.

Action: Not Available
Vendor: Gardyn (mygardyn)
Product: Cloud API (cloud_api)
CWE ID: CWE-639 Authorization Bypass Through User-Controlled Key