Markus
CVE-2026-27807
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4.
AnalysisAI
Markus versions up to 2.9.4 is affected by improper restriction of recursive entity references in dtds (CVSS 4.9).
Technical ContextAI
This vulnerability (CWE-776: Improper Restriction of Recursive Entity References in DTDs) affects Markus. MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4.
RemediationAI
Fixed in version 2.9.4.. Restrict network access to the affected service where possible.
MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or g
MarkUs prior to version 2.9.1 fails to sanitize user-submitted file contents in the HTML rendering endpoint, allowing au
MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this
MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this
Unrestricted zip file extraction in MarkUs prior to version 2.9.4 allows authenticated users to trigger denial of servic
Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in vers
Share
External POC / Exploit Code
Leaving vuln.today