CVE-2026-32999

Summary

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

Affected Software

VendorProductVersion RangeStatus
WebProsComet Backup0 < 26.4.3affected
WebProsComet Backup0 < 26.5.0affected

Weaknesses

  • CWE-94: CWE-94 Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References