Home / Vulnerability Intelligence / CVE-2026-30707

CVE-2026-30707 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 18, 2026

SpeedExam Online Examination System - Broken Access Control

Published: March 17, 2026Updated: March 18, 2026Remote Exploitable

Overview

SpeedExam Online Examination System (SaaS) > v.FEV2026 contains a broken access control caused by insufficient server-side authorization in ReviewAnswerDetails ASP.NET PageMethod, letting authenticated attackers retrieve full answer keys by bypassing client-side restrictions.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 2.8%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can retrieve full answer keys, compromising exam integrity and confidentiality.

Mitigation

Update to the latest version with proper server-side authorization checks.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 18, 2026

🟠 CVE-2026-30707 - High (8.1) An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this meth... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30707/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30707
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: unconfirmed
EPSS: 2.8%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.8%Probability of exploitation in the next 30 days