CVE-2026-25126

High CVSS: 7.1

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `"x"`) as `direction`. Downstream (`VoteServer`) treats any non-`"up"` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.

Vendor

Polarlearn

Product

Polarlearn

CWE

CWE-20

Yayın Tarihi

2026-01-29 22:15:56

Güncelleme

2026-02-20 20:46:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Polarlearn HIGH Polarlearn 2026

Referanslar

https://github.com/polarnl/PolarLearn/commit/e6227d94d0e53e854f6a46480db8cd1051184d41 https://github.com/polarnl/PolarLearn/security/advisories/GHSA-ghpx-5w2p-p3qp

Benzer Kayıtlar

Critical

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss:/…

Low

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for…

Medium

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in…