{"id":"CVE-2026-14792","summary":"Formbricks Survey actions.ts access control","details":"A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to version 5.1.0-rc.1 will fix this issue. The identifier of the patch is af6023b5ac3b030ffcea24fac799f76f3e3512c6. You should upgrade the affected component.","modified":"2026-07-08T07:22:34.695376485Z","published":"2026-07-06T03:00:11.234Z","database_specific":{"cna_assigner":"VulDB","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14792.json","cwe_ids":["CWE-266","CWE-284"]},"references":[{"type":"WEB","url":"https://github.com/formbricks/formbricks/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14792.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-14792"},{"type":"ADVISORY","url":"https://vuldb.com/cve/CVE-2026-14792"},{"type":"ADVISORY","url":"https://vuldb.com/submit/850791"},{"type":"ADVISORY","url":"https://vuldb.com/vuln/376386"},{"type":"REPORT","url":"https://vuldb.com/vuln/376386/cti"},{"type":"FIX","url":"https://github.com/formbricks/formbricks/commit/af6023b5ac3b030ffcea24fac799f76f3e3512c6"},{"type":"FIX","url":"https://github.com/formbricks/formbricks/pull/8094"},{"type":"FIX","url":"https://github.com/formbricks/formbricks/releases/tag/5.1.0-rc.1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/formbricks/formbricks","events":[{"introduced":"880385029d28d25b3d52c518680cf8ce8b174b91"},{"fixed":"af6023b5ac3b030ffcea24fac799f76f3e3512c6"},{"fixed":"6c8bfbf31057c5decce9473ea84e45a3a9ca34de"}],"database_specific":{"source":["AFFECTED_FIELD","REFERENCES"],"extracted_events":[{"introduced":"5.0.0"},{"last_affected":"5.0.0"}]}}],"versions":["5.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14792.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}]}