Webpros Comet Backup vulnerabilities
2 known vulnerabilities affecting webpros/comet_backup.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-32999P2CRITICALCVSS 9.0fixed in 26.4.3fixed in 26.5.02026-05-28
CVE-2026-32999 [CRITICAL] CWE-94 CVE-2026-32999: Insufficient character filtering in backup agent signing module on Comet Backup server allows authen
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.
nvd
CVE-2026-29200P3CRITICALCVSS 9.9≥ 20.11.0, < 26.1.2≥ 26.2.0, < 26.2.22026-05-04
CVE-2026-29200 [CRITICAL] CWE-639 CVE-2026-29200: A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.
nvd