CVE-2026-25811

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25811

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25811.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25811

Aliases

GHSA-3gmm-9ww2-87fh

Published

2026-02-09T21:00:38.744Z

Modified

2026-02-22T19:46:02.464879Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)

Details

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25811.json"
}

References

Affected packages

Git / github.com/praskla-technology/assessment-placipy

Affected ranges

Type: GIT
Repo: https://github.com/praskla-technology/assessment-placipy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

72b8f3d238f6f084c3b56f0ceef6221309686822

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25811.json"