TROYANOSYVIRUS
Back to CVEs

CVE-2026-30707

HIGH
8.1

Description

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."

CVE Details

CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/17/2026
Last Modified3/24/2026
Sourcenvd
Honeypot Sightings0

Weaknesses (CWE)

CWE-284

References

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md(cve@mitre.org)
https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.