Home / Vulnerability Intelligence / CVE-2026-30707

CVE-2026-30707 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 18, 2026

SpeedExam Online Examination System - Broken Access Control

Published: March 17, 2026Updated: March 18, 2026Remote Exploitable

Overview

SpeedExam Online Examination System (SaaS) > v.FEV2026 contains a broken access control caused by insufficient server-side authorization in ReviewAnswerDetails ASP.NET PageMethod, letting authenticated attackers retrieve full answer keys by bypassing client-side restrictions.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Authenticated attackers can retrieve full answer keys, compromising exam integrity and confidentiality.

Mitigation

Update to the latest version with proper server-side authorization checks.

References

https://github.com/Maarckz/VulnReports/blob/main/CVE-2026-30707.md
https://github.com/Maarckz/VulnReports/blob/main/SpeedExam%20%28SECOPS.GROUP%29.md

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30707
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N