PT-2026-37175 · Laravel Nova · Nova-Toggle

Robertonegro

·

Published

2026-04-24

·

Updated

2026-05-09

·

CVE-2026-42202

CVSS v3.1

6.5

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: nova-toggle-5, versions prior to 1.3.0
Description: The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId}" was protected only by the "web" and "auth:" middleware, with no check against Nova's viewNova gate or the resource's own authorization policy. As a result, any user authenticated on the configured guard could flip boolean attributes on any Nova resource, including users who have no access to Nova at all. In addition, the endpoint accepted an arbitrary attribute parameter, so a caller could toggle any boolean column on the underlying model, regardless of whether that column was exposed as a Toggle field on the resource.
Recommendations: Update to version 1.3.0. As a temporary workaround, remove the package, or restrict access to the "/nova-vendor/nova-toggle/toggle/*" routes with additional middleware that enforces the viewNova gate (and, ideally, validates the requested attribute against the fields the resource actually exposes).
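The workaround described above, as an added example that is not code from the nova-toggle package or the advisory: a Laravel middleware, appended to the "web" group, that intercepts the package's toggle route and enforces the viewNova gate, the resource's update policy, and an allowlist of Boolean-type fields declared on the Nova resource. Assumptions: the package reads the column name from an input key named "attribute", its Toggle field extends Nova's Boolean field, and the registration snippet targets Laravel 11 (on Laravel 10, add the class to $middlewareGroups['web'] in app/Http/Kernel.php instead). Nova::resourceForKey, Resource::newModel, authorizedToUpdate and NovaRequest::createFrom are Nova/Laravel APIs; everything else is this example's own.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Laravel\Nova\Fields\Boolean;
use Laravel\Nova\Http\Requests\NovaRequest;
use Laravel\Nova\Nova;
use Symfony\Component\HttpFoundation\Response;

/**
 * Workaround for the unpatched nova-toggle route (added example, not code
 * from the package). Applied to the "web" group, it intercepts
 * POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId} and enforces
 * the checks the advisory says were missing:
 *
 *   1. the caller passes the viewNova gate (may use Nova at all);
 *   2. the caller is authorized to update this particular record;
 *   3. the requested attribute is a Boolean-type field the Nova resource
 *      actually exposes, not an arbitrary column on the model.
 */
class RestrictNovaToggle
{
    // Assumption: the package reads the column name from an "attribute"
    // input key, as the advisory's wording suggests.
    private const ATTRIBUTE_INPUT = 'attribute';

    public function handle(Request $request, Closure $next): Response
    {
        if (! $request->is('nova-vendor/nova-toggle/toggle/*')) {
            return $next($request);
        }

        // 1. Same gate Nova's own Authorize middleware enforces. A guest
        //    (null user) fails the gate, so this also covers missing auth.
        if (! Gate::forUser($request->user())->check('viewNova')) {
            abort(403, 'Not authorized to use Nova.');
        }

        // 2. Resolve the Nova resource and record from the route parameters
        //    and apply the resource's own update policy.
        $resourceClass = Nova::resourceForKey($request->route('resource'));
        if ($resourceClass === null) {
            abort(404);
        }

        $model    = $resourceClass::newModel()->findOrFail($request->route('resourceId'));
        $resource = new $resourceClass($model);

        if (! $resource->authorizedToUpdate($request)) {
            abort(403, 'Not authorized to update this resource.');
        }

        // 3. Allowlist the attribute against the Boolean fields declared at the
        //    top level of the resource. Assumption: the package's Toggle field
        //    extends Nova's Boolean field; if not, add its class to the check.
        $novaRequest = NovaRequest::createFrom($request);
        $allowed = collect($resource->fields($novaRequest))
            ->filter(fn ($field) => $field instanceof Boolean)
            ->map(fn ($field) => $field->attribute)
            ->values()
            ->all();

        $attribute = $request->input(self::ATTRIBUTE_INPUT);
        if (! is_string($attribute) || ! in_array($attribute, $allowed, true)) {
            abort(422, 'Attribute is not exposed as a toggle field on this resource.');
        }

        return $next($request);
    }
}

// Registration (Laravel 11, bootstrap/app.php):
//
//   ->withMiddleware(function (Middleware $middleware) {
//       $middleware->web(append: [\App\Http\Middleware\RestrictNovaToggle::class]);
//   })
```

Two caveats: the allowlist only inspects top-level fields returned by fields(), so Boolean fields nested inside a Panel would need to be flattened first; and because this middleware runs in the "web" group, it executes before the package's own "auth:" route middleware, which is why it treats a null user as a gate failure rather than assuming one is present.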

Fix

Weakness Enumeration

CWE-285: Improper Authorization

Related Identifiers

CVE-2026-42202
GHSA-F5C8-M5VW-RMGQ

Affected Products

Nova-Toggle