CVE-2026-32999

CRITICAL NVD

CVSS Score 9

Severity CRITICAL

Published May 28, 2026

Vendor unknown

Description

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices.

References

https://support.cometbackup.com/hc/en-us/articles/40655100268439--CVE-2026-32999-RCE-on-Comet-Server-via-branding-configuration