CVE-2026-5750
Insecure direct object reference (IDOR) vulnerability in Fullstep
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through several vulnerable authenticated resources in the application. The vulnerable endpoints are '/api/suppliers/v1/suppliers//false', which lists user information, and '/#/supplier-registration/supplier-registration//2', which updates user information (personal details, documents, etc.).
| CWE | CWE-639 |
| Vendor | fullstep |
| Product | fullstep |
| Published | Apr 22, 2026 |
| Last Updated | Apr 22, 2026 |
Affected Versions
Fullstep / Fullstep
5
Credits
Alejandro Rivera León