Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens
A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthenticated attackers to overwrite sensitive configuration values, including the JWT signing secre…