CVE-2026-14165 PUBLISHED

Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5

Assigner: 3DS
Reserved: 30.06.2026 Published: 13.07.2026 Updated: 13.07.2026

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Product Status

Vendor Dassault Systèmes
Product Tuleap Enterprise Edition
Versions Default: unaffected
  • affected from 17.0-1 to 17.0-31 (incl.)
  • affected from 17.5-1 to 17.5-17 (incl.)

References

Problem Types

  • CWE-639 Authorization Bypass Through User-Controlled Key CWE