What is the CVSS score of CVE-2026-41588?

CVE-2026-41588 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of RELATE are affected by CVE-2026-41588?

CVE-2026-41588 is a critical timing-based authentication bypass vulnerability in RELATE's sign-in mechanism that allows remote attackers to infer valid authentication keys through response time…. A patch is available.

RELATE CVE-2026-41588

EUVD-2026-28656 CRITICAL

Observable Timing Discrepancy (CWE-208)

2026-05-08 security-advisories@github.com

Information Disclosure

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 08, 2026 - 16:18 EUVD

Source Code Evidence Fetched

May 08, 2026 - 16:17 vuln.today

Analysis Generated

May 08, 2026 - 16:17 vuln.today

CVE Published

May 08, 2026 - 15:16 nvd

CRITICAL 9.0

DescriptionNVD

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py - check_sign_in_key(). This issue has been patched via commit 2f68e16.

AnalysisAI

Timing attack vulnerability in RELATE's authentication module allows remote unauthenticated attackers to infer valid sign-in keys through response time analysis. The CWE-208 timing side-channel in course/auth.py's check_sign_in_key() function enables attackers to distinguish between valid and invalid authentication tokens by measuring server response latencies. …

RemediationAI

Within 24 hours: Inventory all RELATE deployments and assess whether they are internet-facing or restricted to trusted networks; notify stakeholders of critical authentication risk. Within 7 days: Contact RELATE vendor for ETA on patch delivery and interim guidance; implement network-level controls to rate-limit or segment authentication endpoints if possible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41588 vulnerability details – vuln.today

Back

RELATE CVE-2026-41588

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code