
Polarlearn CVE-2026-35610

EUVD-2026-19786 · HIGH
Improper Authorization (CWE-285)
2026-04-07 · security-advisories@github.com
8.8 (CVSS 3.1 · GitHub Advisory)

Severity by source

GitHub Advisory (primary): 8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Re-analysis Queued · Apr 16, 2026 - 18:07 · vuln.today (cvss_changed)
EUVD ID Assigned · Apr 07, 2026 - 17:22 · euvd (EUVD-2026-19786)
Analysis Generated · Apr 07, 2026 - 17:22 · vuln.today
CVE Published · Apr 07, 2026 - 17:16 · nvd (HIGH 8.8)

Description (GitHub Advisory)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute both actions, while real admins were rejected. This is a direct privilege-escalation issue in the application.
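The bug class above, an inverted admin check on two privileged account-management actions, illustrated as an added example written for this page; it is not PolarLearn's code, and the user-record shape, the in-memory store and the guard-as-parameter wiring are assumptions made for the demonstration.

```javascript
// Added illustration of CWE-285 via an inverted admin check (not PolarLearn's
// code). The user record shape and the in-memory store are assumptions.
function makeStore() {
  // Constructed sample accounts.
  return new Map([
    [1, { id: 1, name: "admin", isAdmin: true, passwordHash: "h-admin" }],
    [2, { id: 2, name: "student", isAdmin: false, passwordHash: "h-student" }],
  ]);
}

// Vulnerable guard: the polarity is inverted, so admins are rejected and every
// authenticated non-admin passes.
function guardVulnerable(caller) {
  if (caller.isAdmin) throw new Error("forbidden"); // BUG: should be !caller.isAdmin
}

// Fixed guard: one positively named check shared by every privileged action,
// using strict comparison so a missing or non-boolean flag also fails closed.
function requireAdmin(caller) {
  if (!caller || caller.isAdmin !== true) throw new Error("forbidden");
}

// Both privileged actions take the guard as a parameter so the two variants
// can be exercised side by side; real code would hard-wire requireAdmin.
function setCustomPassword(store, guard, caller, userId, newHash) {
  guard(caller);
  const target = store.get(userId);
  if (!target) throw new Error("no such user");
  target.passwordHash = newHash;
  return true;
}

function deleteUser(store, guard, caller, userId) {
  guard(caller);
  if (!store.has(userId)) throw new Error("no such user");
  store.delete(userId);
  return true;
}

// Runs an action and reports "ok" or the rejection reason instead of throwing,
// which is the shape a regression test for this bug wants.
function attempt(fn, ...args) {
  try { return fn(...args) ? "ok" : "failed"; } catch (e) { return e.message; }
}
```

A regression test for the fix asserts both directions: the non-admin is refused and the admin is allowed, for each privileged action.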

Analysis (AI)

Privilege escalation in PolarLearn account-management module allows authenticated non-admin users to arbitrarily reset passwords and delete user accounts due to an inverted admin permission check in versions 0-PRERELEASE-14 and earlier. The inverted logic in setCustomPassword() and deleteUser() functions grants administrative capabilities to regular users while blocking legitimate administrators. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as non-admin user
Delivery: Call setCustomPassword or deleteUser API
Exploit: Bypass inverted admin check
Execution: Execute privileged actions
Impact: Escalate privileges to admin level

Vulnerability Assessment (AI)

Exploitation: Authenticated user account required on PolarLearn 0-PRERELEASE-14 or earlier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: This vulnerability presents high real-world risk despite absence of confirmed exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An attacker creates a standard student account on a PolarLearn instance through normal registration or is granted basic user access by an institution. Authenticating with these low-privilege credentials, the attacker directly calls the setCustomPassword() API endpoint targeting an administrator's userId, successfully resetting the admin password due to the inverted permission check that grants access to non-admins. …
Remediation: Upgrade immediately to PolarLearn version 0-PRERELEASE-15 or later, where the inverted admin permission check has been corrected in the account-management module. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Identify all PolarLearn deployments and document current version numbers; restrict account-management module access to administrators only via network controls or application-level access lists pending patch availability. …


CVE-2026-35610 vulnerability details – vuln.today
