CVE-2026-30707: n/a
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."
AI Analysis
Technical Summary
This vulnerability in SpeedExam Online Examination System allows authenticated users to exploit broken access control via the ReviewAnswerDetails ASP.NET PageMethod. Attackers can directly invoke this method, bypassing client-side controls, to access the complete answer key. The provider has addressed this issue with an official backend service update in February 2026.
Potential Impact
An attacker with valid authentication can retrieve the full answer key for exams, compromising exam integrity and confidentiality. This can lead to unauthorized disclosure of sensitive exam content and undermine the trustworthiness of the examination system. There is no indication of impact on availability.
Mitigation Recommendations
The vulnerability has been fixed by the vendor in a backend service update released in February 2026. Users of SpeedExam Online Examination System should ensure they have applied this update to remediate the issue. No additional mitigation actions are required if the update is applied.
CVE-2026-30707: n/a
Description
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in SpeedExam Online Examination System allows authenticated users to exploit broken access control via the ReviewAnswerDetails ASP.NET PageMethod. Attackers can directly invoke this method, bypassing client-side controls, to access the complete answer key. The provider has addressed this issue with an official backend service update in February 2026.
Potential Impact
An attacker with valid authentication can retrieve the full answer key for exams, compromising exam integrity and confidentiality. This can lead to unauthorized disclosure of sensitive exam content and undermine the trustworthiness of the examination system. There is no indication of impact on availability.
Mitigation Recommendations
The vulnerability has been fixed by the vendor in a backend service update released in February 2026. Users of SpeedExam Online Examination System should ensure they have applied this update to remediate the issue. No additional mitigation actions are required if the update is applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69b9aedc771bdb1749d151f1
Added to database: 3/17/2026, 7:43:24 PM
Last enriched: 4/23/2026, 10:53:17 PM
Last updated: 5/2/2026, 9:25:08 AM
Views: 65
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.