Unknown · Speedexam Online Examination System · CVE-2026-30707
**Name of the Vulnerable Software and Affected Versions**
SpeedExam Online Examination System (SaaS) versions after v.FEV2026
**Description**
The software contains a Broken Access Control issue via the `ReviewAnswerDetails` ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and directly invoke this method to retrieve the full answer key. The affected API endpoint is `ReviewAnswerDetails`.
**Recommendations**
Versions after v.FEV2026: Restrict access to the `ReviewAnswerDetails` PageMethod to authorized users only.