CVE-2026-5749
Inadequate access control vulnerability in Fullstep
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.
| CWE | CWE-306 |
| Vendor | fullstep |
| Product | fullstep |
| Published | Apr 22, 2026 |
| Last Updated | Apr 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for fullstep fullstep
Be the first to know when new unknown vulnerabilities affecting fullstep fullstep are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Fullstep / Fullstep
5
References
Credits
Alejandro Rivera LeΓ³n