CVE-2026-14165

Summary

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesTuleap Enterprise Edition17.0-1 <= 17.0-31affected
Dassault SystèmesTuleap Enterprise Edition17.5-1 <= 17.5-17affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References