CNNVD-202602-041 Information

CNNVD ID

CNNVD-202602-041

CVE-2026-25221

  • CNNVD Published: 2026-02-02

Description (Chinese)

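PolarLearn is an open-source online learning platform from PolarNL. PolarLearn 0-PRERELEASE-15 and earlier versions contain a cross-site request forgery vulnerability, which stems from the OAuth 2.0 implementation not validating the state parameter and may lead to login cross-site request forgery attacks.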

Description (English)

PolarLearn is an online learning platform open-sourced by PolarNL. Versions 0-PRERELEASE-15 and earlier of PolarLearn have a cross-site request forgery (CSRF) vulnerability: the OAuth 2.0 implementation does not validate the state parameter, which could lead to a login CSRF attack.

Hazard Level

High

Vulnerability Type

Cross-site request forgery (CSRF)

Affected Vendor

PolarNL

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://github.com/polarnl/PolarLearn/commit/44669bbb5b647c7625f22dd82f3121c7d7bfbe19
  • https://github.com/polarnl/PolarLearn/security/advisories/GHSA-fhhm-574m-7rpw
