CVE-2026-5750 in Fullstepinformación

Resumen

por MITRE • 2026-04-22

An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/v1/suppliers//false' to list user information; and '/#/supplier-registration/supplier-registration//2' to update your user information (personal details, documents, etc.).

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

INCIBE

Reservar

2026-04-07

Divulgación

2026-04-22

Moderación

aceptado

Artículo

VDB-358849

CPE

listo

CWE

CWE-639 (confirmado)

CVSS

6.3 (VulDB)

EPSS

0.00050

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5750
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5750
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5750/

◂ Anterior Visión De Conjunto Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!