PT-2026-34333 · Unknown · Fullstep V5
Published: 2026-04-22 · Updated: 2026-04-22 · CVE-2026-5750
CVSS v4.0: 7.6 High
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Fullstep V5
Description
An insecure direct object reference (IDOR) issue in the registration process allows authenticated users to access data belonging to other registered users through various authenticated resources. The issue affects the following endpoints:
- '/api/suppliers/v1/suppliers//false' used to list user information
- '/#/supplier-registration/supplier-registration//2' used to update user information such as personal details and documents
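An added example, not part of the advisory and not Fullstep code: a log review that flags accounts which successfully read more than their own record through the listing endpoint. The log format, user names and identifiers are constructed, and it assumes the empty path segment in the endpoint carries a supplier identifier.

```python
import re
from collections import defaultdict

# Assumption: the empty path segment in the advisory's listing endpoint
# ('/api/suppliers/v1/suppliers//false') carries a per-supplier identifier.
LISTING = re.compile(r"^/api/suppliers/v1/suppliers/([^/]+)/false$")

# Constructed log format (not Fullstep's): "<time> <user> <method> <path> <status>"
SAMPLE_LOG = """\
2026-04-22T09:00:01Z alice GET /api/suppliers/v1/suppliers/1001/false 200
2026-04-22T09:00:05Z alice GET /api/suppliers/v1/suppliers/1001/false 200
2026-04-22T09:01:10Z bob GET /api/suppliers/v1/suppliers/2002/false 200
2026-04-22T09:01:12Z bob GET /api/suppliers/v1/suppliers/2003/false 200
2026-04-22T09:01:13Z bob GET /api/suppliers/v1/suppliers/2004/false 403
2026-04-22T09:01:14Z bob GET /api/suppliers/v1/suppliers/1001/false 200
2026-04-22T09:02:00Z carol GET /api/health 200
malformed line
"""

def cross_account_reads(log_text, owned=None):
    """Return {user: sorted ids read successfully that are not the user's own}.

    owned maps user -> set of ids that user legitimately owns. Without it,
    the first id a user reads is treated as their own (a heuristic).
    """
    owned = owned or {}
    seen = defaultdict(list)              # user -> distinct ids, in first-seen order
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip lines that do not fit the format
        _, user, _, path, status = parts
        m = LISTING.match(path.split("?", 1)[0])
        if not m or not status.startswith("2"):
            continue                      # only successful reads disclose data
        if m.group(1) not in seen[user]:
            seen[user].append(m.group(1))
    findings = {}
    for user, ids in seen.items():
        mine = owned.get(user, set(ids[:1]))
        foreign = sorted(i for i in ids if i not in mine)
        if foreign:
            findings[user] = foreign
    return findings

if __name__ == "__main__":
    print(cross_account_reads(SAMPLE_LOG))
```

Passing a real user-to-supplier mapping as `owned` replaces the first-seen heuristic and removes its false negatives.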
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IDOR
Affected Products
Fullstep V5