CVE-2026-1496
published 2026-03-27CVE-2026-1496: Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an…
PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.48%
37.7th percentile
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication. Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user’s Coverity Connect account.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| black_duck | coverity | >= 2024.3.0 < 2025.12.0 | 2025.12.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connecthttps://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidancehttps://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer
2026-03-27
Published