CVE-2026-44720
Received
Received - Intake
Authentication Bypass in OpenLearnX Platform
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Description
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openlearnx | openlearnx | to 2.0.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade OpenLearnX to version 2.0.4 or later, as this version contains the fix for the critical authentication vulnerability.
Can you explain this vulnerability to me?
The vulnerability in OpenLearnX prior to version 2.0.4 is a critical authentication flaw that could allow unauthorized access to user accounts under specific conditions.
How can this vulnerability impact me? :
This vulnerability could allow attackers to gain unauthorized access to user accounts, potentially compromising personal data and user privacy.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70