CVE-2026-25057

Critical CVSS: 9.1

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.

Vendor

Markusproject

Product

Markus

CWE

CWE-23

Yayın Tarihi

2026-02-09 20:15:56

Güncelleme

2026-02-19 20:25:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-23 Markus CRITICAL Markusproject 2026

Referanslar

https://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7 https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1 https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h

Benzer Kayıtlar

Medium

CVE-2026-25962

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs curren…

Medium

CVE-2026-27807

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows…

High

CVE-2026-28405

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//…

Medium

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignme…