{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2414", "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "state": "PUBLISHED", "assignerShortName": "HYPR", "dateReserved": "2026-02-12T16:57:17.576Z", "datePublished": "2026-03-25T17:03:03.308Z", "dateUpdated": "2026-03-25T17:03:03.308Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "shortName": "HYPR", "dateUpdated": "2026-03-25T17:03:03.308Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "HYPR", "product": "Server", "versions": [{"status": "affected", "version": "9.5.2", "lessThan": "10.7.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.<p>This issue affects Server: from 9.5.2 before 10.7.2.</p>"}]}], "references": [{"url": "https://www.hypr.com/trust-center/security-advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.6, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2."}], "id": "CVE-2026-2414", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@hypr.com", "type": "Secondary"}]}, "published": "2026-03-25T17:16:57.490", "references": [{"source": "security@hypr.com", "url": "https://www.hypr.com/trust-center/security-advisories"}], "sourceIdentifier": "security@hypr.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@hypr.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.5.2,10.7.2)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "server", "vendor": "hypr"}], "analysis": {"en": {"generated_at": "2026-03-25T19:43:35.672617+00:00", "value": {"mitigation_remediation": ["Upgrade HYPR Server to version 10.7.2 or later.", "Verify the server version after applying the patch.", "If patching cannot be performed immediately, restrict or monitor the use of user\u2011controlled keys and enforce strict authorization checks.", "Continuously review system logs for unauthorized privilege changes."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation via Authorization Bypass"}, "threat_synthesis": {"affected_systems": "HYPR Server versions from 9.5.2 up to but excluding 10.7.2 are affected. Any installation of these releases should be considered at risk.", "description_and_impact": "The vulnerability is an authorization bypass that permits a user\u2011controlled key to elevate privileges on a HYPR Server. This flaw, identified as CWE\u2011639, means an attacker who can supply such a key may assume higher roles than intended, potentially disrupting confidentiality, integrity, or availability of the affected system.", "risk_and_exploitability": "The CVSS score of 5.6 indicates moderate severity. No EPSS score is publicly disclosed, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector involves a user inserting a malicious key through a permitted interface; if such input can be supplied by an unauthenticated or low\u2011privileged user, remote privilege escalation is possible. Given the moderate score and lack of evidence of widespread exploitation, the overall risk is moderate but should be mitigated promptly."}}}}, "created": "2026-03-25T21:46:39.444027+00:00", "title": "Authorization Bypass in HYPR Server Enabling Privilege Escalation", "updated": "2026-03-26T11:34:23.025399+00:00", "vendors": ["hypr", "hypr$PRODUCT$server"]}