5 matches found
CVE-2026-44478
hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...
CVE-2026-44478 hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token
hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config sti...
CVE-2026-44478
CVE-2026-44478 concerns Hoppscotch, an open source API development ecosystem. The vulnerability chain involves an unauthenticated POST to /v1/onboarding/config that, prior to 2026.2.0, allowed overwriting the infrastructure configuration without verifying onboarding completion, potentially compro...
Hoppscotch 访问控制错误漏洞
Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch from 2026.2.0 to 2026.4.0 contained a access control vulnerability. This vulnerability stemmed from the GET /v1/onboarding/config endpoint, which still exposed all infrastructure secrets in plain...
PT-2026-40829
Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.4.0 Description An information disclosure issue exists where the 'GET /v1/onboarding/config' endpoint leaks infrastructure secrets in plaintext to unauthenticated users. This occurs specifically when the...