Severity by source
CVSS vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
Description (GitHub Advisory)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute both actions, while real admins were rejected. This is a direct privilege-escalation issue in the application.
Analysis (AI)
Privilege escalation in PolarLearn account-management module allows authenticated non-admin users to arbitrarily reset passwords and delete user accounts due to an inverted admin permission check in versions 0-PRERELEASE-14 and earlier. The inverted logic in setCustomPassword() and deleteUser() functions grants administrative capabilities to regular users while blocking legitimate administrators. …
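The following is an added illustration, not PolarLearn's own code: a small in-memory account service that reproduces the inverted admin check described above beside the corrected guard, so the two behaviours can be compared on the same requests. The user records, roles and method shapes are constructed for this example.

```javascript
// Constructed sample accounts: one admin, one ordinary (student) user.
function makeUsers() {
  return new Map([
    ["u1", { role: "admin", password: "admin-secret" }],
    ["u2", { role: "student", password: "student-pw" }],
  ]);
}

class AccountService {
  // inverted=true reproduces the bug from the advisory; false is the corrected guard.
  constructor(users, inverted) { this.users = users; this.inverted = inverted; }
  // Authorization guard shared by both sensitive actions.
  requireAdmin(actor) {
    const isAdmin = actor.role === "admin";
    // Vulnerable form negates the condition: admins are rejected, non-admins pass.
    const allowed = this.inverted ? !isAdmin : isAdmin;
    if (!allowed) throw new Error("forbidden");
  }
  setCustomPassword(actor, userId, password) {
    this.requireAdmin(actor);
    const target = this.users.get(userId);
    if (!target) throw new Error("no such user");
    target.password = password;
    return true;
  }
  deleteUser(actor, userId) {
    this.requireAdmin(actor);
    if (!this.users.delete(userId)) throw new Error("no such user");
    return true;
  }
}

// Reports "allowed" or "forbidden" for one attempted action.
function attempt(service, method, actor, ...args) {
  try { service[method](actor, ...args); return "allowed"; }
  catch (e) { return e.message === "forbidden" ? "forbidden" : "error: " + e.message; }
}

// Runs the same three requests against the buggy (inverted) or corrected guard.
function demo(inverted) {
  const users = makeUsers();
  const svc = new AccountService(users, inverted);
  const admin = users.get("u1"), student = users.get("u2");
  return {
    studentResetsAdmin: attempt(svc, "setCustomPassword", student, "u1", "new-pw"),
    adminResetsStudent: attempt(svc, "setCustomPassword", admin, "u2", "new-pw"),
    studentDeletesAdmin: attempt(svc, "deleteUser", student, "u1"),
  };
}
```

With `demo(true)` the student's requests succeed and the admin's is refused, which is exactly the outcome the advisory describes; `demo(false)` restores the intended policy.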
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Authenticated user account required on PolarLearn 0-PRERELEASE-14 or earlier. … |
| Risk Assessment | This vulnerability presents high real-world risk despite absence of confirmed exploitation. … |
| Exploit Scenario | An attacker creates a standard student account on a PolarLearn instance through normal registration or is granted basic user access by an institution. Authenticating with these low-privilege credentials, the attacker directly calls the setCustomPassword() API endpoint targeting an administrator's userId, successfully resetting the admin password due to the inverted permission check that grants access to non-admins. … |
| Remediation | Upgrade immediately to PolarLearn version 0-PRERELEASE-15 or later, where the inverted admin permission check has been corrected in the account-management module. … |
Recommended Action (AI)
Within 24 hours: Identify all PolarLearn deployments and document current version numbers; restrict account-management module access to administrators only via network controls or application-level access lists pending patch availability. …
EUVD-2026-19786