Back to CVE List

CVE-2026-59720

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without authentication and potentially expose sensitive API data. This issue is fixed in version 2026.6.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
hoppscotch
Product
hoppscotch

External References

Discussion (0)

Add Comment

No comments yet. Be the first!