HIGH
l3montree-dev
CVE published 2026-06-19
CVE-2026-48089
CVE-2026-48089 is a high-severity vulnerability in DevGuard's vulnerability management API. Prior to version 1.4.2, any authenticated user can create, update, reapply, and delete VEX rules on public assets, as well as access other vulnerability-triage write endpoints. This issue affects DevGuard API instances with one or more public assets. The vulnerability has a CVSS score of 7.1 and is classified as HI [truncated]