CVE-2026-26717 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in th…
Medium CVSS: 4.8

CVE-2026-26717

An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response time discrepancies
Vendor
-
Product
-
CWE
CWE-208
Yayın Tarihi
2026-02-25 17:25:39
Güncelleme
2026-02-27 14:06:59
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-208 MEDIUM 2026

Referanslar

https://github.com/Rickidevs/CVE-2026-26717 https://github.com/openfun/richie/commit/a1b5bbda3403d7debb466c303a32852925fcba5f https://medium.com/@ordogh/cve-2026-26717-hmac-timing-attack-in-openfun-richie-lms-f04377efe83d?postPublishedType=repub