CVE-2026-25221

Low CVSS: 2.3

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the authentication flow. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker's account. Any data the victim then enters or academic progress they make is stored on the attacker's account, leading to data loss for the victim and information disclosure to the attacker.

Vendor

Polarlearn

Product

Polarlearn

CWE

CWE-352

Yayın Tarihi

2026-02-02 23:16:09

Güncelleme

2026-02-20 20:45:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-352 Polarlearn LOW Polarlearn 2026

Referanslar

https://github.com/polarnl/PolarLearn/commit/44669bbb5b647c7625f22dd82f3121c7d7bfbe19 https://github.com/polarnl/PolarLearn/security/advisories/GHSA-fhhm-574m-7rpw

Benzer Kayıtlar

Critical

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss:/…

Medium

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in…

High

CVE-2026-25126

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/…