CVE-2026-30707

Published: Mar 17, 2026Modified: May 19, 2026Deferred

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md

Source: cve@mitre.org

https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md

Source: cve@mitre.org

Timeline

No history available yet.