CVE-2026-25126

Source
https://cve.org/CVERecord?id=CVE-2026-25126
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25126.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25126
Aliases
  • GHSA-ghpx-5w2p-p3qp
Published
2026-01-29T22:06:37.224Z
Modified
2026-03-14T12:47:30.953096Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
PolarLearn's unvalidated vote direction allows vote count manipulation
Details

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (POST /api/v1/forum/vote) trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., "x") as direction. Downstream (VoteServer) treats any non-"up" and non-null value as a downvote and persists the invalid value in votes_data. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.
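
The pattern described above, as an added example that is not PolarLearn's code: a model of a vote route whose `direction` field is typed only at compile time, beside a hardened variant that validates the parsed JSON at runtime before it is persisted. The store (`votesData`), the function names, the `postId` field and the treatment of `null` as "clear vote" are assumptions for illustration; the advisory only states that the real route trusts the body and that the downstream code treats any non-"up", non-null value as a downvote.

```typescript
// Added example, not PolarLearn's code. Models the advisory's pattern: a
// POST /api/v1/forum/vote handler that trusts the TypeScript type of the JSON
// body, next to a handler that validates `direction` at runtime.
// Store, field and function names below are assumptions for illustration.

type VoteDirection = "up" | "down" | null;

interface VoteRow {
  postId: string;
  userId: string;
  direction: unknown; // `unknown` on purpose: this is what actually reaches storage
}

// Constructed in-memory stand-in for the votes_data store named in the advisory.
const votesData: VoteRow[] = [];

// Converts a direction into a score delta. Mirrors the advisory: anything that
// is neither "up" nor null is treated as a downvote. (null = "clear vote" is an
// assumption made here.)
function deltaFor(direction: unknown): number {
  if (direction === null) return 0;
  return direction === "up" ? 1 : -1;
}

// Vulnerable handler: the parameter type is erased at compile time, so a body
// produced by JSON.parse can carry any value (e.g. "x"), and it is persisted
// verbatim while still counting as a downvote.
function vulnerableVote(body: { postId: string; direction: VoteDirection }, userId: string): number {
  votesData.push({ postId: body.postId, userId, direction: body.direction });
  return deltaFor(body.direction);
}

// Runtime type guard: the allow-list check the vulnerable route lacks.
function isVoteDirection(value: unknown): value is VoteDirection {
  return value === "up" || value === "down" || value === null;
}

// Hardened handler, step 1: turn `unknown` into a validated body or throw.
function parseVoteBody(raw: unknown): { postId: string; direction: VoteDirection } {
  if (typeof raw !== "object" || raw === null) {
    throw new Error("body must be a JSON object");
  }
  const { postId, direction } = raw as Record<string, unknown>;
  if (typeof postId !== "string" || postId.length === 0) {
    throw new Error("postId must be a non-empty string");
  }
  if (!isVoteDirection(direction)) {
    throw new Error('direction must be "up", "down" or null');
  }
  return { postId, direction }; // `direction` is now narrowed to VoteDirection
}

// Hardened handler, step 2: only validated values reach storage.
function hardenedVote(rawBody: unknown, userId: string): number {
  const body = parseVoteBody(rawBody);
  votesData.push({ postId: body.postId, userId, direction: body.direction });
  return deltaFor(body.direction);
}

// Score for a post computed from whatever is in the store. Invalid rows written
// by the vulnerable handler are counted as downvotes here.
function scoreFor(postId: string): number {
  return votesData
    .filter((row) => row.postId === postId)
    .reduce((sum, row) => sum + deltaFor(row.direction), 0);
}

// Constructed attacker request: a direction value outside the allowed set.
const attackerBody: unknown = JSON.parse('{"postId":"post-1","direction":"x"}');

// Runs the attacker body through both handlers and reports what happened.
function demo(): { vulnerableDelta: number; persisted: unknown; hardenedRejected: boolean } {
  const vulnerableDelta = vulnerableVote(
    attackerBody as { postId: string; direction: VoteDirection }, // the cast is exactly the trust the route places in its types
    "user-1",
  );
  const persisted = votesData[votesData.length - 1].direction;
  let hardenedRejected = false;
  try {
    hardenedVote(attackerBody, "user-1");
  } catch {
    hardenedRejected = true;
  }
  return { vulnerableDelta, persisted, hardenedRejected };
}

console.log(demo()); // { vulnerableDelta: -1, persisted: 'x', hardenedRejected: true }
```

The fix is the `isVoteDirection` guard applied to the parsed body, not a change to the `VoteDirection` type: TypeScript annotations never constrain data that arrives over the wire, so every field read from `req.json()` (or equivalent) has to be checked against an explicit allow-list before it influences a write. Rejecting the request also keeps the store free of values that later reads cannot interpret.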

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25126.json"
}
References

Affected packages

Git / github.com/polarnl/polarlearn

Affected ranges

Type
GIT
Repo
https://github.com/polarnl/polarlearn
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25126.json"