PatchSiren cyber security CVE debrief
CVE-2026-14165 Dassault Systèmes CVE debrief
CVE-2026-14165 is an Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5. This vulnerability could allow an attacker to access data of other users without authorization. The CVE record was published on 2026-07-13T08:16:20.253Z. Users should verify their deployments and review official advisories.
- Vendor
- Dassault Systèmes
- Product
- Tuleap Enterprise Edition
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Tuleap Enterprise Edition from version 17.0 through 17.5 should be aware of this vulnerability and take necessary actions to protect their systems. Operators, platform administrators, and security teams need to review and act on this vulnerability.
Technical summary
The vulnerability has a CVSS score of 7.5 and is classified as HIGH. It affects Tuleap Enterprise Edition versions 17.0 through 17.5. The vulnerability could allow unauthorized access to user data. Official CVE and NVD records provide further details.
Defensive priority
High priority should be given to patching or mitigating this vulnerability as it could allow unauthorized access to user data.
Recommended defensive actions
- Apply the patch or update to a version outside the affected range
- Verify and limit access to Tuleap Enterprise Edition
- Monitor for suspicious activity
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets
Evidence notes
The CVE record was published on 2026-07-13T08:16:20.253Z and has not been modified since then. The NVD entry is currently Received. The vulnerability affects Tuleap Enterprise Edition from 17.0 through 17.5. Evidence is limited to CVE and NVD details.
Official resources
-
CVE-2026-14165 CVE record
CVE.org
-
CVE-2026-14165 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T08:16:20.253Z and has not been modified since then.