CVE-2026-7510

Exploit

EPSS 0.05%
Veröffentlicht 30.04.2026 23:00:24
Zuletzt bearbeitet 01.05.2026 15:26:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 10

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOWAP

≫

Produkt DefectDojo

Version 2.55.0

Status affected

Version 2.55.1

Status affected

Version 2.55.2

Status affected

Version 2.55.3

Status affected

Version 2.55.4

Status affected

Version 2.56.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.145

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0

https://vuldb.com/vuln/360317

https://vuldb.com/vuln/360317/cti

https://vuldb.com/submit/803751

https://github.com/noname1337h1/cve-bug-bounty/blob/main/dfdj_risk_acceptance_raid_idor_authorization_bypass/dfdj_risk_acceptance_raid_idor_authorization_bypass.md

https://github.com/DefectDojo/django-DefectDojo/pull/14375

https://github.com/DefectDojo/django-DefectDojo/commit/eb6120a379185d37eb1af17b69bb5614a830ab1f

https://nvd.nist.gov/vuln/detail/CVE-2026-7510

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7510

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7510

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7510