{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1496", "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "state": "PUBLISHED", "assignerShortName": "BlackDuck", "dateReserved": "2026-01-27T15:53:39.147Z", "datePublished": "2026-03-27T14:14:01.871Z", "dateUpdated": "2026-03-27T14:36:04.188Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "shortName": "BlackDuck", "dateUpdated": "2026-03-27T14:14:01.871Z"}, "title": "Coverity CLI Authentication Bypass", "datePublic": "2026-03-27T13:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-384", "descriptions": [{"lang": "en", "value": "CAPEC-384 Application API Message Manipulation via Man-in-the-Middle"}]}], "affected": [{"vendor": "Black Duck", "product": "Coverity", "versions": [{"status": "affected", "version": "2024.3.0", "lessThan": "2025.12.0", "versionType": "custom"}, {"status": "unaffected", "version": "2024.3.0A"}, {"status": "unaffected", "version": "2024.3.1A"}, {"status": "unaffected", "version": "2024.3.2A"}, {"status": "unaffected", "version": "2024.6.0A"}, {"status": "unaffected", "version": "2024.6.1A"}, {"status": "unaffected", "version": "2024.9.0A"}, {"status": "unaffected", "version": "2024.9.1A"}, {"status": "unaffected", "version": "2024.12.0A"}, {"status": "unaffected", "version": "2024.12.1A"}, {"status": "unaffected", "version": "2024.12.2"}, {"status": "unaffected", "version": "2025.3.0A"}, {"status": "unaffected", "version": "2025.3.1A"}, {"status": "unaffected", "version": "2025.3.2"}, {"status": "unaffected", "version": "2025.6.0A"}, {"status": "unaffected", "version": "2025.6.2A"}, {"status": "unaffected", "version": "2025.6.4"}, {"status": "unaffected", "version": "2025.9.0A"}, {"status": "unaffected", "version": "2025.9.2A"}, {"status": "unaffected", "version": "2025.9.3"}, {"status": "unaffected", "version": "2025.12.0A"}, {"status": "unaffected", "version": "2025.12.1"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:black_duck:coverity:*:*:*:*:*:*:*:*", "versionStartIncluding": "2024.3.0", "versionEndExcluding": "2025.12.0"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.3.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.3.1a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.3.2a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.6.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.6.1a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.9.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.9.1a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.12.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.12.1a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2024.12.2:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.3.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.3.1a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.3.2:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.6.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.6.2a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.6.4:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.9.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.9.2a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.9.3:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.12.0a:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:black_duck:coverity:2025.12.1:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u00a0A malicious actor with access to the\u00a0/token\u00a0API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u00a0Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.&nbsp;<span>A malicious actor with access to the</span><span>&nbsp;</span><code>/token</code><span>&nbsp;</span><span>API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.&nbsp;</span><span>Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account.&nbsp;</span></p>"}]}], "references": [{"url": "https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496", "tags": ["vendor-advisory"]}, {"url": "https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect", "tags": ["vendor-advisory", "mitigation"]}, {"url": "https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance", "tags": ["vendor-advisory", "mitigation"]}, {"url": "https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer", "tags": ["related"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "Customers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\n\n\n\nPatched versions:\n\n\n\n\n * 2025.12.1\n\n * 2025.12.0A\n * 2025.9.2A\n * 2025.9.0A\n * 2025.6.2A\n * 2025.6.0A\n * 2025.3.1A\n * 2025.3.0A\n * 2024.12.1A\n * 2024.12.0A\n * 2024.9.1A\n * 2024.9.0A\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nFull Installers:\n\n\n\n\n\n * 2025.12.1\n * 2025.9.3\n * 2025.6.4\n * 2025.3.2\n * 2024.12.2", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Customers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.</p>\n\n<p>Patched versions:</p>\n\n<ul>\n <li>2025.12.1</li>\n<li>2025.12.0A</li><li>2025.9.2A</li><li>2025.9.0A</li><li>2025.6.2A</li><li>2025.6.0A</li><li>2025.3.1A</li><li>2025.3.0A</li><li>2024.12.1A</li><li>2024.12.0A</li><li>2024.9.1A</li><li><span>2024.9.0A</span></li></ul>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<p>Full Installers:</p>\n\n<p></p><ul><li>2025.12.1</li><li>2025.9.3</li><li>2025.6.4</li><li>2025.3.2</li><li>2024.12.2</li></ul><p></p>"}]}], "credits": [{"lang": "en", "value": "Huong Kieu from Cenobe", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:35:08.919139Z", "id": "CVE-2026-1496", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:36:04.188Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1496", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T14:35:08.919139Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:35:20.215Z"}}], "cna": {"title": "Coverity CLI Authentication Bypass", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Huong Kieu from Cenobe"}], "impacts": [{"capecId": "CAPEC-384", "descriptions": [{"lang": "en", "value": "CAPEC-384 Application API Message Manipulation via Man-in-the-Middle"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Black Duck", "product": "Coverity", "versions": [{"status": "affected", "version": "2024.3.0", "lessThan": "2025.12.0", "versionType": "custom"}, {"status": "unaffected", "version": "2024.3.0A"}, {"status": "unaffected", "version": "2024.3.1A"}, {"status": "unaffected", "version": "2024.3.2A"}, {"status": "unaffected", "version": "2024.6.0A"}, {"status": "unaffected", "version": "2024.6.1A"}, {"status": "unaffected", "version": "2024.9.0A"}, {"status": "unaffected", "version": "2024.9.1A"}, {"status": "unaffected", "version": "2024.12.0A"}, {"status": "unaffected", "version": "2024.12.1A"}, {"status": "unaffected", "version": "2024.12.2"}, {"status": "unaffected", "version": "2025.3.0A"}, {"status": "unaffected", "version": "2025.3.1A"}, {"status": "unaffected", "version": "2025.3.2"}, {"status": "unaffected", "version": "2025.6.0A"}, {"status": "unaffected", "version": "2025.6.2A"}, {"status": "unaffected", "version": "2025.6.4"}, {"status": "unaffected", "version": "2025.9.0A"}, {"status": "unaffected", "version": "2025.9.2A"}, {"status": "unaffected", "version": "2025.9.3"}, {"status": "unaffected", "version": "2025.12.0A"}, {"status": "unaffected", "version": "2025.12.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Customers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.\n\n\n\nPatched versions:\n\n\n\n\n * 2025.12.1\n\n * 2025.12.0A\n * 2025.9.2A\n * 2025.9.0A\n * 2025.6.2A\n * 2025.6.0A\n * 2025.3.1A\n * 2025.3.0A\n * 2024.12.1A\n * 2024.12.0A\n * 2024.9.1A\n * 2024.9.0A\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nFull Installers:\n\n\n\n\n\n * 2025.12.1\n * 2025.9.3\n * 2025.6.4\n * 2025.3.2\n * 2024.12.2", "supportingMedia": [{"type": "text/html", "value": "<p>Customers\nare recommended to upgrade to one of the following Coverity patched versions at their earliest availability or deploy documented mitigations.</p>\n\n<p>Patched versions:</p>\n\n<ul>\n <li>2025.12.1</li>\n<li>2025.12.0A</li><li>2025.9.2A</li><li>2025.9.0A</li><li>2025.6.2A</li><li>2025.6.0A</li><li>2025.3.1A</li><li>2025.3.0A</li><li>2024.12.1A</li><li>2024.12.0A</li><li>2024.9.1A</li><li><span>2024.9.0A</span></li></ul>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<p>Full Installers:</p>\n\n<p></p><ul><li>2025.12.1</li><li>2025.9.3</li><li>2025.6.4</li><li>2025.3.2</li><li>2024.12.2</li></ul><p></p>", "base64": false}]}], "datePublic": "2026-03-27T13:00:00.000Z", "references": [{"url": "https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496", "tags": ["vendor-advisory"]}, {"url": "https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect", "tags": ["vendor-advisory", "mitigation"]}, {"url": "https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance", "tags": ["vendor-advisory", "mitigation"]}, {"url": "https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer", "tags": ["related"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u00a0A malicious actor with access to the\u00a0/token\u00a0API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u00a0Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account.", "supportingMedia": [{"type": "text/html", "value": "<p>Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.&nbsp;<span>A malicious actor with access to the</span><span>&nbsp;</span><code>/token</code><span>&nbsp;</span><span>API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.&nbsp;</span><span>Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account.&nbsp;</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:black_duck:coverity:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2025.12.0", "versionStartIncluding": "2024.3.0"}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.1a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.3.2a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.6.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.6.1a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.9.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.9.1a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.1a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2024.12.2:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.1a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.3.2:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.2a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.6.4:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.2a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.9.3:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.12.0a:*:*:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:black_duck:coverity:2025.12.1:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "shortName": "BlackDuck", "dateUpdated": "2026-03-27T14:14:01.871Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1496", "state": "PUBLISHED", "dateUpdated": "2026-03-27T14:36:04.188Z", "dateReserved": "2026-01-27T15:53:39.147Z", "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "datePublished": "2026-03-27T14:14:01.871Z", "assignerShortName": "BlackDuck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass.\u00a0A malicious actor with access to the\u00a0/token\u00a0API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication.\u00a0Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user\u2019s Coverity Connect account."}], "id": "CVE-2026-1496", "lastModified": "2026-03-30T13:26:29.793", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@synopsys.com", "type": "Secondary"}]}, "published": "2026-03-27T15:16:48.053", "references": [{"source": "disclosure@synopsys.com", "url": "https://community.blackduck.com/s/article/Black-Duck-Security-Advisory-CVE-2026-1496"}, {"source": "disclosure@synopsys.com", "url": "https://community.blackduck.com/s/article/Instructions-on-how-to-block-token-endpoint-for-Coverity-Connect"}, {"source": "disclosure@synopsys.com", "url": "https://community.blackduck.com/s/article/WAF-IDS-IPS-Mitigation-Guidance"}, {"source": "disclosure@synopsys.com", "url": "https://github.com/blackduck-inc/Coverity-Usage-Log-Analyzer"}], "sourceIdentifier": "disclosure@synopsys.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "disclosure@synopsys.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2024.3.0,2025.12.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.3.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.3.1A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.3.2A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.6.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.6.1A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.9.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.9.1A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.12.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.12.1A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2024.12.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.3.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.3.1A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.3.2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.6.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.6.2A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.6.4"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.9.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.9.2A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.9.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.12.0A"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "2025.12.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Coverity", "source": "cna", "vendor": "Black Duck"}, "product": "coverity", "vendor": "black_duck"}], "analysis": {"en": {"generated_at": "2026-03-27T15:53:52.746905+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched Coverity Connect release such as 2025.12.1, 2025.9.3, 2025.6.4, or 2025.3.2.", "If an upgrade cannot be performed immediately, block access to the /token API endpoint using firewall rules or network segmentation.", "Implement the vendor\u2019s WAF/IDS/IPS mitigation guidance to detect and prevent unauthorized requests to the token endpoint.", "Verify that the blocking or mitigation rules are in place by attempting unauthenticated access to /token and confirming denial.", "Continuously monitor audit logs for unusual authentication attempts and enforce least\u2011privilege user roles as a protective measure."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass leading to privilege escalation"}, "threat_synthesis": {"affected_systems": "Affected releases are all Coverity Connect versions that are listed as vulnerable: 2024.12.0a, 2024.12.1a, 2024.12.2, 2024.3.0a\u20113.2, 2024.6.0a\u20116.1a, 2024.9.0a\u20119.1a, 2025.0a\u2011? (specifically 2025.12.0a, 12.1, 3.0a\u20113.2, 6.0a\u20116.4, 9.0a\u20119.3), and 2025.12.1 is a patched release along with 2025.9.3, 6.4, 3.2. Any deployment prior to these patched versions is susceptible.", "description_and_impact": "The vulnerability is caused by the absence of an error handler in Coverity Connect's authentication logic for its command\u2011line tools. A malicious actor who can reach the /token API endpoint and knows or can guess a valid username can send a specially crafted HTTP request that bypasses authentication. Once authenticated, the attacker gains all roles and privileges assigned to the targeted user, allowing full access to the Coverity Connect environment. This is a high\u2011severity authentication bypass that could lead to unauthorized data exposure and critical changes to the code analysis repository.", "risk_and_exploitability": "With a CVSS score of 9.3 the vulnerability carries a critical risk. Although EPSS is not reported, the attack surface\u2014access to the /token endpoint and knowledge of a username\u2014is generally available to external actors who can communicate with the Coverity server. The exploit requires no privileged local access and can be executed remotely, making it a straightforward privilege escalation attack. The absence of a formal KEV listing does not lessen the potential impact; security teams should treat the vulnerability as an imminent threat."}}}}, "created": "2026-03-27T20:28:35.909827+00:00", "updated": "2026-03-30T07:01:49.183578+00:00", "vendors": ["black_duck", "black_duck$PRODUCT$coverity"]}