CVE-2026-5749

Inadequate access control vulnerability in Fullstep

Description

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.

INFO

Published Date :

2026-04-22T13:23:37.971Z

Last Modified :

2026-04-22T14:06:57.793Z

Source :

INCIBE

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5749 vulnerability.

Vendors	Products
Fullstep	Fullstep

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5749.

URL	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability