Vulnerability Description
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-5749?
CVE-2026-5749 is a documented vulnerability. Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Succe...
How severe is CVE-2026-5749?
CVSS scoring is not yet available for CVE-2026-5749. Check NVD for updates.
Is there a patch for CVE-2026-5749?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.