What is the CVSS score of CVE-2026-25885?

CVE-2026-25885 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Polarlearn are affected by CVE-2026-25885?

PolarLearn's group chat WebSocket endpoint is accessible without authentication, allowing unauthorized users to access sensitive communications and potentially inject malicious content.. A patch is available.

Is there a public PoC exploit available for CVE-2026-25885?

Yes, a public proof-of-concept exploit is available for CVE-2026-25885. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-25885?

Within 24 hours: Identify all PolarLearn instances in your environment and document current version numbers; notify stakeholders of the vulnerability. Within 7 days: Apply the available security patch to all PolarLearn deployments and verify successful deployment across all instances. Within 30 days: Conduct a security audit of chat logs for unauthorized access during the exposure window and implement enhanced monitoring on WebSocket endpoints.

Polarlearn CVE-2026-25885

HIGH

Improper Authorization (CWE-285)

2026-02-09 security-advisories@github.com

Authentication Bypass Polarlearn

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 20, 2026 - 20:47 vuln.today

Public exploit code

Patch released

Feb 20, 2026 - 20:47 nvd

Patch available

CVE Published

Feb 09, 2026 - 22:16 nvd

HIGH 7.5

DescriptionGitHub Advisory

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.

AnalysisAI

Unauthenticated message injection in PolarLearn 0-PRERELEASE-16 and earlier allows remote attackers to send persistent messages to arbitrary group chats via the WebSocket API without credentials. Public exploit code exists for this vulnerability, which affects all users of vulnerable versions by enabling spam and potential information manipulation within group communications.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Connect to WebSocket endpoint wss://polarlearn.nl/api/v1/ws

Exploit

Subscribe to target group chat using UUID

Execution

Send malicious messages to group

Impact

Messages persisted in chatContent database

Access

Connect to WebSocket endpoint wss://polarlearn.nl/api/v1/ws

Exploit

Subscribe to target group chat using UUID

Execution

Send malicious messages to group

Impact

Messages persisted in chatContent database

Vulnerability AssessmentAI

Exploitation	PolarLearn 0-PRERELEASE-16 or earlier with WebSocket group chat endpoint (wss://polarlearn.nl/api/v1/ws) accessible without authentication. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker without authentication could exploit this vulnerability to compromise the affected system.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all PolarLearn instances in your environment and document current version numbers; notify stakeholders of the vulnerability. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25885 vulnerability details – vuln.today

Back

Polarlearn CVE-2026-25885

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code