NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-5749

Summary	Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.
Publication Date	April 22, 2026, 11:17 p.m.
Registration Date	April 25, 2026, 4:05 a.m.
Last Update	April 23, 2026, 6:23 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep	cve-coordination@incibe.es

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-306	重要な機能に対する認証の欠如解説	https://cwe.mitre.org/data/definitions/306.html