Vulnerability DatabaseCVE-2026-30825
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-30825
March 07, 2026
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user to delete any other user's PAT by providing its ID, with no ownership verification. This issue has been patched in version 2026.2.1.
Affected Packages
https://github.com/hoppscotch/hoppscotch.git (GITHUB):
Affected version(s) >=2023.4.0 <2026.2.1
Fix Suggestion:
Update to version 2026.2.1
Related Resources (2)
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7pfq-mwj3-xw9h
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.2.1
Do you need more information?
Contact Us
Weakness Type (CWE)
Authorization Bypass Through User-Controlled Key
CWE-639
EPSS
Base Score:
0.03