CVE-2026-14792

MEDIUM

Formbricks Survey actions.ts access control

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to version 5.1.0-rc.1 will fix this issue. The identifier of the patch is af6023b5ac3b030ffcea24fac799f76f3e3512c6. You should upgrade the affected component.

References (8)

Core 8
Core References
Vdb Entry vdb-entry
VDB-376386 | Formbricks Survey actions.ts access control
https://vuldb.com/vuln/376386
Signature, Permissions Required signature permissions-required
VDB-376386 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376386/cti
Third Party Advisory third-party-advisory
CVE-2026-14792 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14792
Third Party Advisory third-party-advisory
Submit #850791 | Formbricks 5.0.0 Improper Access Controls
https://vuldb.com/submit/850791

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 28.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-266 CWE-284
Status published
Products (2)
None/Formbricks 5.0.0
None/Formbricks 5.1.0-rc.1
Published Jul 06, 2026
Tracked Since Jul 06, 2026