Back to overview

CVE-2026-14165

HIGH
7.5
CVSS 3.1
Description
An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization.

Metadata

CVE ID
CVE-2026-14165
State
PUBLISHED
Assigner
3DS
Reserved
2026-06-30 06:02 UTC
Published
2026-07-13 07:13 UTC
Last updated
2026-07-13 07:13 UTC
Primary CWE
CWE-639
CWE-639 Authorization Bypass Through User-Controlled Key
Vendor / Product
Dassault Systèmes / Tuleap Enterprise Edition
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
Dassault Systèmes Tuleap Enterprise Edition 17.0-1 ≤ 17.0-31, 17.5-1 ≤ 17.5-17
Weakness (CWE)
CWESourceDescription
CWE-639 cna CWE-639 Authorization Bypass Through User-Controlled Key
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Back to overview