Back to search
CVE-2026-5749
Published: Apr 22, 2026
Modified: Apr 22, 2026
PUBLISHED
Description
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.
| Vendor | Product | Versions |
|---|---|---|
Fullstep | Fullstep | affected 5unaffected 5.30.07 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now