CVE-2026-7510 MEDIUM

CVE-2026-7510: OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

Vendor Owap
Product DefectDojo
Weakness CWE-639 · IDOR
Published April 30, 2026
Last update May 1, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 1, 2026 Record updated

Related vulnerabilities

04Related CVE