RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey() function and exam.py's genticket_code() function. This issue has been patched via commit 2f68e16.
{
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41505.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "GitHub_M"
}