What is the CVSS score of CVE-2026-41505?

CVE-2026-41505 has a CVSS 3.1 base score of 8.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of RELATE courseware are affected by CVE-2026-41505?

RELATE courseware contains a critical authentication bypass vulnerability (CVE-2026-41505, CVSS 8.7) in its token generation mechanisms that allows attackers to forge user authentication and exam…. A patch is available.

RELATE courseware CVE-2026-41505

EUVD-2026-28379 HIGH

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)

2026-05-07 GitHub_M

Information Disclosure

8.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 07, 2026 - 16:02 EUVD

Source Code Evidence Fetched

May 07, 2026 - 15:00 vuln.today

Analysis Generated

May 07, 2026 - 15:00 vuln.today

CVE Published

May 07, 2026 - 13:35 nvd

HIGH 8.7

DescriptionNVD

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

AnalysisAI

Predictable token generation in RELATE courseware allows remote attackers to forge authentication and exam access tokens. The vulnerability affects two critical security functions: make_sign_in_key() in auth.py (user authentication) and gen_ticket_code() in exam.py (exam access control). …

RemediationAI

Within 24 hours: Identify all RELATE courseware instances in your environment and document their current versions and deployment scope. Within 7 days: Implement network-level access controls restricting RELATE authentication endpoints to authorized users only; contact RELATE developers to confirm patch availability status and timeline for commit 2f68e16. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41505 vulnerability details – vuln.today

Back

RELATE courseware CVE-2026-41505

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code