CVE-2026-25809

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25809
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25809.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25809
Aliases
  • GHSA-cc32-rp29-w9x7
Published
2026-02-09T20:58:09Z
Modified
2026-04-02T13:18:13.422419Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
PlaciPy Code Execution Allowed Without Assessment Active State Validation
Details

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25809.json"
}
References

Affected packages

Git / github.com/praskla-technology/assessment-placipy

Affected ranges

Type
GIT
Repo
https://github.com/praskla-technology/assessment-placipy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
72b8f3d238f6f084c3b56f0ceef6221309686822
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 1.0.0"
        }
    ]
}

Affected versions

v1.*
v1.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25809.json"