CVE-2026-7510
Received Received - Intake
Authorization Bypass in OWASP DefectDojo

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7510
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
owasp defectdojo to 2.55.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OWASP DefectDojo versions up to 2.55.4 within an unknown functionality of the Benchmark/Engagement/Product/Survey component. It allows an attacker to perform a manipulation that leads to an authorization bypass, meaning the attacker can gain unauthorized access or privileges. The attack can be executed remotely, and the exploit has been publicly disclosed.

Upgrading to version 2.56.0, which includes a patch identified as eb6120a379185d37eb1af17b69bb5614a830ab1f, resolves this issue.

Impact Analysis

This vulnerability can impact you by allowing an attacker to bypass authorization controls remotely. This means unauthorized users could gain access to restricted areas or perform actions they should not be allowed to, potentially compromising the security and integrity of your system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade OWASP DefectDojo to version 2.56.0 or later, as this version addresses the authorization bypass issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7510. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart