PT-2026-34332 · Fullstep · Fullstep

Published: 2026-04-22 · Updated: 2026-04-22 · CVE-2026-5749

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Fullstep version V5

Description

Inadequate access control in the registration process allows unauthenticated users to obtain a valid JWT (JSON Web Token), which is a compact, URL-safe means of representing claims to be transferred between two parties. This could enable an attacker to interact with authenticated API resources and compromise the confidentiality of the affected resource.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-5749

Affected Products

Fullstep