Skip to main content

Tuleap Enterprise Edition CVE-2026-14165

| EUVDEUVD-2026-43300 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-13 3DS GHSA-8q3h-3r8x-274j
7.5
CVSS 3.1 · Vendor: 3DS
Share

Severity by source

Vendor (3DS) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable IDOR with low complexity, but reaching other users' data realistically needs an authenticated session (PR:L); read-only exposure yields C:H, I:N, A:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (3DS).

CVSS VectorVendor: 3DS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 08:22 vuln.today
CVE Published
Jul 13, 2026 - 07:13 cve.org
HIGH 7.5

DescriptionCVE.org

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization.

AnalysisAI

Insecure direct object reference (IDOR) in Dassault Systèmes Tuleap Enterprise Edition 17.0 through 17.5 lets attackers read other users' data by manipulating a user-controlled key/identifier, breaking horizontal authorization boundaries. The CVSS 3.1 vector (AV:N/PR:N) scores it as remotely reachable with high confidentiality impact but no integrity or availability effect. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Tuleap instance
Delivery
Identify data endpoint using object ID
Exploit
Substitute another user's identifier
Execution
Server skips ownership check
Persist
Retrieve unauthorized user data
Impact
Enumerate IDs to harvest data

Vulnerability AssessmentAI

Exploitation Exploitation targets a Tuleap Enterprise Edition (17.0-17.5) endpoint that fetches data using a client-supplied object key (an artifact, record, user, or resource identifier) without verifying the requester's ownership of that object; the attacker must be able to reach the affected endpoint over the network and supply or enumerate valid identifiers belonging to other users. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Severity is driven entirely by confidentiality: CVSS 3.1 base 7.5 comes from C:H with I:N/A:N, meaning read-only data exposure and no ability to modify or disrupt. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with (likely) a low-privilege Tuleap account issues API or web requests to a data-retrieval endpoint, substituting the object identifier tied to their own account with identifiers belonging to other users or projects. Because the server trusts the user-supplied key without an ownership check, it returns data the attacker should not see, and iterating through IDs enables bulk harvesting of other users' information. …
Remediation Patch available per vendor advisory: upgrade Tuleap Enterprise Edition to a fixed release above 17.5 as directed in the 3DS advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-14165 (an exact fixed version was not included in the provided data, so confirm the target release with the advisory before deploying). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit all Tuleap Enterprise Edition deployments to identify instances running versions 17.0-17.5, enable comprehensive access logging at the application and database layer, and create full encrypted backups. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy