
CVE-2026-48089: DevGuard has improper authorization on public assets


CVSS 7.5 (HIGH) · CISA KEV: No · Impact type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-48089
Vendor (advisory ecosystem): go
Affected Product: github.com/l3montree-dev/devguard
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Impact

On a DevGuard API instance with one or more public assets, any authenticated user, including users from a different organization with no membership or role in the affected org/project, can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the other vulnerability-triage write endpoints exposed under a public asset, including:

• VEX rule create / update / reapply / delete
• Dependency-vuln event creation (accept / reject / mitigate decisions), batch event creation, vuln sync, and mitigation
• License risk creation
• External reference writes
• Artifact creation and license refresh

The attacker needs a valid account on the instance, but no membership in the victim organization, project, or asset is required. Security impact is
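The flaw class described above, as an added example in Go (the project's language) that is not DevGuard's own code: a hypothetical authorization check in which the "asset is public" shortcut runs before the membership check and applies to every HTTP method, placed beside a hardened version in which public visibility waives membership only for reads. The types, role names, organization and asset identifiers are all constructed for illustration and do not correspond to DevGuard's model or routes.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration only; they are not DevGuard's own model.
type Asset struct {
	Slug   string
	OrgID  string
	Public bool
}

type User struct {
	ID    string
	Roles map[string]string // organization ID -> role within that organization
}

var ErrForbidden = errors.New("forbidden")

// isWrite treats the state-changing HTTP methods as writes. A real router
// should map each route to an explicit permission (e.g. "vexrule:write")
// rather than relying on the method alone; the method keeps the example short.
func isWrite(method string) bool {
	switch method {
	case "POST", "PUT", "PATCH", "DELETE":
		return true
	}
	return false
}

// vulnerableAuthorize shows the flaw class in the advisory: the public-asset
// check runs before the membership check and does not distinguish reads from
// writes, so a public asset waives membership for every method, including
// DELETE on triage data such as VEX rules.
func vulnerableAuthorize(u *User, a *Asset, method string) error {
	if u == nil {
		return ErrForbidden // unauthenticated callers are still rejected
	}
	if a.Public {
		return nil // BUG: also grants POST/PUT/PATCH/DELETE to any account
	}
	if _, ok := u.Roles[a.OrgID]; !ok {
		return ErrForbidden
	}
	return nil
}

// hardenedAuthorize: public visibility waives the membership check only for
// reads. Every write still requires a role in the asset's organization, and a
// read-only role ("viewer", a constructed name) cannot write either.
func hardenedAuthorize(u *User, a *Asset, method string) error {
	if u == nil {
		return ErrForbidden
	}
	write := isWrite(method)
	if a.Public && !write {
		return nil
	}
	role, ok := u.Roles[a.OrgID]
	if !ok {
		return ErrForbidden
	}
	if write && role == "viewer" {
		return ErrForbidden
	}
	return nil
}

func main() {
	// Constructed scenario: a public asset in "victim-org" and an attacker
	// holding a valid account that belongs only to a different organization.
	victim := &Asset{Slug: "payments-api", OrgID: "victim-org", Public: true}
	outsider := &User{ID: "eve", Roles: map[string]string{"other-org": "admin"}}
	for _, m := range []string{"GET", "DELETE"} {
		fmt.Printf("%-6s vulnerable=%v hardened=%v\n", m,
			vulnerableAuthorize(outsider, victim, m),
			hardenedAuthorize(outsider, victim, m))
	}
}
```

The ordering is the point: a visibility check that short-circuits the whole authorization chain turns "readable by anyone" into "writable by anyone with an account". Checking the required permission per route, and only then asking whether public visibility satisfies it, keeps reads open while every triage write still needs an organization role.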
