Markus
CVE-2026-25057
CRITICAL
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.
AnalysisAI
MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or grading data.
Technical ContextAI
MarkUs < 2.9.1 has a CWE-23 relative path traversal that allows users to access files outside their intended scope, potentially reading other students' submissions or instructor grading data.
RemediationAI
Update MarkUs to 2.9.1+.
MarkUs prior to version 2.9.1 fails to sanitize user-submitted file contents in the HTML rendering endpoint, allowing au
MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this
MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this
Unrestricted zip file extraction in MarkUs prior to version 2.9.4 allows authenticated users to trigger denial of servic
Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).
Markus versions up to 2.9.4 is affected by improper restriction of recursive entity references in dtds (CVSS 4.9).
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in vers
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today