EUVD-2026-24744

ID: EUVD-2026-24744

Severity: high

CVSS v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.

Timestamps

Normalized: 2026-04-22T15:10:30Z UTC
Last updated: 2026-04-22T15:10:30Z UTC

References

No references provided.

VulnAI

EUVD-2026-24744

Description

Timestamps

References