CVE-2026-30707

HIGH

8.1

Descripcion

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."

Detalles CVE

Puntuacion CVSS v3.18.1

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado3/17/2026

Ultima modificacion3/24/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-284

Referencias

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md(cve@mitre.org)

https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.