RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — checksignin_key(). This issue has been patched via commit 2f68e16.
{
"cwe_ids": [
"CWE-208"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41588.json",
"cna_assigner": "GitHub_M",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb"
}
],
"source": "AFFECTED_FIELD"
}
]
}