CVE-2026-1496 (GCVE-0-2026-1496)
Vulnerability from cvelistv5
Published
2026-03-27 14:14
Modified
2026-03-27 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization bypass through User-Controlled key
Summary
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication. Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user’s Coverity Connect account.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Black Duck | Coverity |
Version: 2024.3.0 < 2025.12.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:35:08.919139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:36:04.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Coverity",
"vendor": "Black Duck",
"versions": [
{
"lessThan": "2025.12.0",
"status": "affected",
"version": "2024.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024.3.0A"
},
{
"status": "unaffected",
"version": "2024.3.1A"
},
{
"status": "unaffected",
"version": "2024.3.2A"
},
{
"status": "unaffected",
"version": "2024.6.0A"
},
{
"status": "unaffected",
"version": "2024.6.1A"
},
{
"status": "unaffected",
"version": "2024.9.0A"
},
{
"status": "unaffected",
"version": "2024.9.1A"
},
{
"status": "unaffected",
"version": "2024.12.0A"
},
{
"status": "unaffected",
"version": "2024.12.1A"
},
{
"status": "unaffected",
"version": "2024.12.2"
},
{
"status": "unaffected",
"version": "2025.3.0A"
},
{
"status": "unaffected",
"version": "2025.3.1A"
},
{
"status": "unaffected",
"version": "2025.3.2"
},
{
"status": "unaffected",
"version": "2025.6.0A"
},
{
"status": "unaffected",
"version": "2025.6.2A"
},
{
"status": "unaffected",
"version": "2025.6.4"
},
{
"status": "unaffected",
"version": "2025.9.0A"
},
{
"status": "unaffected",
"version": "2025.9.2A"
},
{
"status": "unaffected",
"version": "2025.9.3"
},
{
"status": "unaffected",
"version": "2025.12.0A"
},
{
"status": "unaffected",
"version": "2025.12.1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:black_duck:coverity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025.12.0",
"versionStartIncluding": "2024.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.1a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.2a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.6.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.6.1a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.9.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.9.1a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.1a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.2:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.1a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.2:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.2a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.4:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.2a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.3:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.12.0a:*:*:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:black_duck:coverity:2025.12.1:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huong Kieu from Cenobe"
}
],
"datePublic": "2026-03-27T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u0026nbsp;\u003cspan\u003eA malicious actor with access to the\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003ccode\u003e/token\u003c/code\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAPI endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eSuccessful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u00a0A malicious actor with access to the\u00a0/token\u00a0API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u00a0Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384 Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:14:01.871Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "BlackDuck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496"
},
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect"
},
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance"
},
{
"tags": [
"related"
],
"url": "https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCustomers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\u003c/p\u003e\n\n\u003cp\u003ePatched versions:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003e2025.12.1\u003c/li\u003e\n\u003cli\u003e2025.12.0A\u003c/li\u003e\u003cli\u003e2025.9.2A\u003c/li\u003e\u003cli\u003e2025.9.0A\u003c/li\u003e\u003cli\u003e2025.6.2A\u003c/li\u003e\u003cli\u003e2025.6.0A\u003c/li\u003e\u003cli\u003e2025.3.1A\u003c/li\u003e\u003cli\u003e2025.3.0A\u003c/li\u003e\u003cli\u003e2024.12.1A\u003c/li\u003e\u003cli\u003e2024.12.0A\u003c/li\u003e\u003cli\u003e2024.9.1A\u003c/li\u003e\u003cli\u003e\u003cspan\u003e2024.9.0A\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eFull Installers:\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e2025.12.1\u003c/li\u003e\u003cli\u003e2025.9.3\u003c/li\u003e\u003cli\u003e2025.6.4\u003c/li\u003e\u003cli\u003e2025.3.2\u003c/li\u003e\u003cli\u003e2024.12.2\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Customers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\n\n\n\nPatched versions:\n\n\n\n\n * 2025.12.1\n\n * 2025.12.0A\n * 2025.9.2A\n * 2025.9.0A\n * 2025.6.2A\n * 2025.6.0A\n * 2025.3.1A\n * 2025.3.0A\n * 2024.12.1A\n * 2024.12.0A\n * 2024.9.1A\n * 2024.9.0A\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nFull Installers:\n\n\n\n\n\n * 2025.12.1\n * 2025.9.3\n * 2025.6.4\n * 2025.3.2\n * 2024.12.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Coverity CLI Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "BlackDuck",
"cveId": "CVE-2026-1496",
"datePublished": "2026-03-27T14:14:01.871Z",
"dateReserved": "2026-01-27T15:53:39.147Z",
"dateUpdated": "2026-03-27T14:36:04.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1496\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T14:35:08.919139Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T14:35:20.215Z\"}}], \"cna\": {\"title\": \"Coverity CLI Authentication Bypass\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Huong Kieu from Cenobe\"}], \"impacts\": [{\"capecId\": \"CAPEC-384\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-384 Application API Message Manipulation via Man-in-the-Middle\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Black Duck\", \"product\": \"Coverity\", \"versions\": [{\"status\": \"affected\", \"version\": \"2024.3.0\", \"lessThan\": \"2025.12.0\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"2024.3.0A\"}, {\"status\": \"unaffected\", \"version\": \"2024.3.1A\"}, {\"status\": \"unaffected\", \"version\": \"2024.3.2A\"}, {\"status\": \"unaffected\", \"version\": \"2024.6.0A\"}, {\"status\": \"unaffected\", \"version\": \"2024.6.1A\"}, {\"status\": \"unaffected\", \"version\": \"2024.9.0A\"}, {\"status\": \"unaffected\", \"version\": \"2024.9.1A\"}, {\"status\": \"unaffected\", \"version\": \"2024.12.0A\"}, {\"status\": \"unaffected\", \"version\": \"2024.12.1A\"}, {\"status\": \"unaffected\", \"version\": \"2024.12.2\"}, {\"status\": \"unaffected\", \"version\": \"2025.3.0A\"}, {\"status\": \"unaffected\", \"version\": \"2025.3.1A\"}, {\"status\": \"unaffected\", \"version\": \"2025.3.2\"}, {\"status\": \"unaffected\", \"version\": \"2025.6.0A\"}, {\"status\": \"unaffected\", \"version\": \"2025.6.2A\"}, {\"status\": \"unaffected\", \"version\": \"2025.6.4\"}, {\"status\": \"unaffected\", \"version\": \"2025.9.0A\"}, {\"status\": \"unaffected\", \"version\": \"2025.9.2A\"}, {\"status\": \"unaffected\", \"version\": \"2025.9.3\"}, {\"status\": \"unaffected\", \"version\": \"2025.12.0A\"}, {\"status\": \"unaffected\", \"version\": \"2025.12.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Customers\\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\\n\\n\\n\\nPatched versions:\\n\\n\\n\\n\\n * 2025.12.1\\n\\n * 2025.12.0A\\n * 2025.9.2A\\n * 2025.9.0A\\n * 2025.6.2A\\n * 2025.6.0A\\n * 2025.3.1A\\n * 2025.3.0A\\n * 2024.12.1A\\n * 2024.12.0A\\n * 2024.9.1A\\n * 2024.9.0A\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nFull Installers:\\n\\n\\n\\n\\n\\n * 2025.12.1\\n * 2025.9.3\\n * 2025.6.4\\n * 2025.3.2\\n * 2024.12.2\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eCustomers\\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\u003c/p\u003e\\n\\n\u003cp\u003ePatched versions:\u003c/p\u003e\\n\\n\u003cul\u003e\\n \u003cli\u003e2025.12.1\u003c/li\u003e\\n\u003cli\u003e2025.12.0A\u003c/li\u003e\u003cli\u003e2025.9.2A\u003c/li\u003e\u003cli\u003e2025.9.0A\u003c/li\u003e\u003cli\u003e2025.6.2A\u003c/li\u003e\u003cli\u003e2025.6.0A\u003c/li\u003e\u003cli\u003e2025.3.1A\u003c/li\u003e\u003cli\u003e2025.3.0A\u003c/li\u003e\u003cli\u003e2024.12.1A\u003c/li\u003e\u003cli\u003e2024.12.0A\u003c/li\u003e\u003cli\u003e2024.9.1A\u003c/li\u003e\u003cli\u003e\u003cspan\u003e2024.9.0A\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\u003cp\u003eFull Installers:\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e2025.12.1\u003c/li\u003e\u003cli\u003e2025.9.3\u003c/li\u003e\u003cli\u003e2025.6.4\u003c/li\u003e\u003cli\u003e2025.3.2\u003c/li\u003e\u003cli\u003e2024.12.2\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-03-27T13:00:00.000Z\", \"references\": [{\"url\": \"https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect\", \"tags\": [\"vendor-advisory\", \"mitigation\"]}, {\"url\": \"https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance\", \"tags\": [\"vendor-advisory\", \"mitigation\"]}, {\"url\": \"https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\\u00a0A malicious actor with access to the\\u00a0/token\\u00a0API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\\u00a0Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\\u2019s Coverity Connect account.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eVulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u0026nbsp;\u003cspan\u003eA malicious actor with access to the\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003ccode\u003e/token\u003c/code\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAPI endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eSuccessful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\\u2019s Coverity Connect account.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization bypass through User-Controlled key\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:black_duck:coverity:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2025.12.0\", \"versionStartIncluding\": \"2024.3.0\"}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.3.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.3.1a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.3.2a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.6.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.6.1a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.9.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.9.1a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.12.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.12.1a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2024.12.2:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.3.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.3.1a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.3.2:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.6.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.6.2a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.6.4:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.9.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.9.2a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.9.3:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.12.0a:*:*:*:*:*:*:*\", \"vulnerable\": false}, {\"criteria\": \"cpe:2.3:a:black_duck:coverity:2025.12.1:*:*:*:*:*:*:*\", \"vulnerable\": false}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"8cad7728-009c-4a3d-a95e-ca62e6ff8a0b\", \"shortName\": \"BlackDuck\", \"dateUpdated\": \"2026-03-27T14:14:01.871Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1496\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T14:36:04.188Z\", \"dateReserved\": \"2026-01-27T15:53:39.147Z\", \"assignerOrgId\": \"8cad7728-009c-4a3d-a95e-ca62e6ff8a0b\", \"datePublished\": \"2026-03-27T14:14:01.871Z\", \"assignerShortName\": \"BlackDuck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…