CNNVD-202602-038 Information

CNNVD ID

CNNVD-202602-038

Related CVE

CVE-2026-25222

• CNNVD Published: 2026-02-02

Description (Chinese)

PolarLearn是PolarNL开源的一个在线学习平台。 PolarLearn 0-PRERELEASE-15及之前版本存在信息泄露漏洞，该漏洞源于登录过程存在时间攻击，可能导致枚举已注册的电子邮件地址。

Description (English)

PolarLearn is an online learning platform for PolarNL Open Source. There is a leaking loophole in the PolarLearn 0-PRERELEASE-15 and earlier versions, which stems from the time attack of the login process and may lead to the listing of registered e-mail addresses.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

PolarNL

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/polarnl/PolarLearn/commit/6c276855172c7310cce0df996cb47ffe0d886741 https://github.com/polarnl/PolarLearn/security/advisories/GHSA-wcr9-mvr9-4qh5