CVE-2026-7510

MEDIUM

OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

Title source: cna

Description

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended.

References (7)

Core 7

Core References

Vdb Entry vdb-entry

VDB-360317 | OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

https://vuldb.com/vuln/360317

Signature, Permissions Required signature permissions-required

VDB-360317 | CTI Indicators (IOB, IOC)

https://vuldb.com/vuln/360317/cti

Third Party Advisory third-party-advisory

Submit #803751 | OWASP DefectDojo < 2.56.0 Authorization Bypass

https://vuldb.com/submit/803751

Exploit exploit

https://github.com/noname1337h1/cve-bug-bounty/blob/main/dfdj_risk_acceptance_raid_idor_authorization_bypass/dfdj_risk_acceptance_raid_idor_authorization_bypass.md

View Exploit ZIP pw:eip

Patch issue-tracking patch

https://github.com/DefectDojo/django-DefectDojo/pull/14375

Patch patch

https://github.com/DefectDojo/django-DefectDojo/commit/eb6120a379185d37eb1af17b69bb5614a830ab1f

View Patch ZIP pw:eip

Patch patch

https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0

Scores

CVSS v3 6.3

EPSS 0.0028

EPSS Percentile 19.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-285 CWE-639

Status published

Products (6)

OWAP/DefectDojo 2.55.0

OWAP/DefectDojo 2.55.1

OWAP/DefectDojo 2.55.2

OWAP/DefectDojo 2.55.3

OWAP/DefectDojo 2.55.4

OWAP/DefectDojo 2.56.0

Published Apr 30, 2026

Tracked Since May 01, 2026