Skip to main content

Ontime EUVDEUVD-2026-42014

| CVE-2026-5730 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-07 TR-CERT GHSA-c7r3-xx63-qf62
7.5
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network IDOR with low complexity and confidentiality-only impact; PR:L chosen because 'Trusted Identifiers' access typically requires an authenticated low-privilege session despite the input's PR:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 08:00 vuln.today

DescriptionCVE.org

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.

This issue affects Ontime: through 04052026.

AnalysisAI

Insecure Direct Object Reference in Idvlabs Ontime (all versions through build 04052026) lets remote unauthenticated attackers read confidential records belonging to other users by tampering with user-controlled resource identifiers. Because the application trusts client-supplied keys without verifying ownership, an attacker can enumerate or substitute IDs to exfiltrate data they should not access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Ontime web endpoint
Delivery
Capture request with object ID
Exploit
Substitute/enumerate trusted identifier
Execution
Server skips ownership check
Persist
Read other users' confidential data
Impact
Exfiltrate records at scale

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to reach an Ontime HTTP endpoint that accepts a user-controlled object identifier (record ID, user ID, or document reference) and to manipulate that identifier to point at another user's resource; the server-side flaw is the absence of an ownership/authorization check on that key. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - network reachable, low complexity, no privileges or user interaction, and a confidentiality-only impact (no integrity or availability effect), consistent with data disclosure via IDOR. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends HTTP requests to an Ontime endpoint, substituting or incrementing a record/user identifier in a parameter to reference objects belonging to other accounts. Because the server trusts the supplied identifier without verifying ownership, it returns the victim's confidential data, and the attacker iterates over the ID space to harvest records at scale. …
Remediation No vendor-released patch version was identified at time of analysis; consult the vendor and the TR-CERT advisory (https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503) for a fixed build superseding 04052026 and apply it once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory of Ontime deployments and assess stored data sensitivity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy