CVE-2026-48089
CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...