CVE-2026-5749
πΆ mediumSummary
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.
CVSS Score
-
EPSS Score
0.1
Exploit Probability
Published Date
2026-04-22
First Seen: 2026-05-20
π― CISA SSVC Assessment Updated: Apr 22, 2026
π Exploitation Status
None
No known exploits
βοΈ Automatable
YES
Can be exploited automatically
π₯ Technical Impact
Partial
Limited system impact
π Discovered By
Alejandro Rivera LeΓ³n
SSVC data provided by
CISA
Last Modified
2026-05-19
Source
NVD π
CVSS Vector 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)