Vulnerability Description
An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/v1/suppliers//false' to list user information; and '/#/supplier-registration/supplier-registration//2' to update your user information (personal details, documents, etc.).
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-5750?
CVE-2026-5750 is a documented vulnerability. An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerabl...
How severe is CVE-2026-5750?
CVSS scoring is not yet available for CVE-2026-5750. Check NVD for updates.
Is there a patch for CVE-2026-5750?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.