Fullstep V5 Access Control Vulnerability Allowing Unauthenticated JWT Token Acquisition
Vulnerability
A vulnerability exists in the registration process of Fullstep V5 due to inadequate access control. This flaw could enable unauthenticated users to obtain a valid JSON Web Token (JWT) and use it to access authenticated API resources. Exploiting this vulnerability could lead to unauthorized access to sensitive information, as the valid token would allow interaction with protected API endpoints.
Impact
Successful exploitation could allow an unauthenticated attacker to use the acquired JWT to compromise the confidentiality of resources accessed through the API.
Remediation
Users can upgrade to Fullstep version 5.30.07, which has been available since January 29, 2026, to address this vulnerability.
