Artylobos

**Name of the Vulnerable Software and Affected Versions** hoppscotch versions prior to 2026.2.1 **Description** hoppscotch is an API development ecosystem. Prior to version 2026.2.1, the `DELETE` ''/v1/access-tokens/revoke'' endpoint allows any authenticated user to delete any other user's Personal Access Token (PAT) by providing its ID, without verifying ownership. The issue was addressed in version 2026.2.1. **Recommendations** Update to version 2026.2.1 or later.