CNNVD-202602-1263 Information

CNNVD ID

CNNVD-202602-1263

Related CVE

CVE-2026-25885

• CNNVD Published: 2026-02-09

Description (Chinese)

PolarLearn是PolarNL开源的一个在线学习平台。 PolarLearn 0-PRERELEASE-16及之前版本存在访问控制错误漏洞，该漏洞源于无需登录即可使用群聊WebSocket，可能导致未经验证的客户端订阅和发送消息至任意群组。

Description (English)

PolarLearn is an online learning platform for PolarNL Open Source. PolarLearn 0-PRERELEASE-16 and previous versions have access control bugs that stem from the use of WebSocket without login, which can lead to uncertified client subscriptions and messages to any group.

Vulnerability Type

访问控制错误

Affected Vendor

PolarNL

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/polarnl/PolarLearn/commit/3ba588fda0d3f8e238483a20772719f27e52e79f https://github.com/polarnl/PolarLearn/security/advisories/GHSA-gvjm-5pw7-6c8c