CVE-2026-50875 | THREATINT

Description

Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-15 | Updated 2026-06-16 | Assigner mitre

References

gist.github.com/pyuysig/49dbaa25ec20f2258749bdae6ebf0377 exploit

gist.github.com/pyuysig/49dbaa25ec20f2258749bdae6ebf0377

cve.org (CVE-2026-50875)

nvd.nist.gov (CVE-2026-50875)

Download JSON