CVE-2026-30707

HIGH(8.1)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Risk Signal Score20/100 — NIEDRIG

CVSS 8.1 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.1

Technische Schwere

Beschreibung

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."

Referenzen

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md
https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29....