CVE-2026-30707
CVE-2026-30707
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
17 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/a