Skip to main content

Openedx Platform

2 CVEs product

Monthly

CVE-2026-42858 HIGH PATCH This Week

Server-side request forgery (SSRF) in Open edX Platform allows authenticated Enterprise Admin users to force the application server to make HTTP requests to arbitrary internal network resources, cloud metadata endpoints (AWS 169.254.169.254), or external attacker-controlled hosts via the sync_provider_data SAML configuration endpoint. The unvalidated metadata_url parameter is passed directly to requests.get() without IP filtering or URL scheme enforcement, enabling internal network reconnaissance, credential theft from cloud metadata services, and potential lateral movement. Fixed in commits 6fda1f120ff and 70a56246dd9. EPSS data not available; no confirmed active exploitation at time of analysis.

SSRF Openedx Platform
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-34736 MEDIUM This Month

Open edX Platform from maple release through ulmo allows unauthenticated attackers to bypass email verification by exploiting an OAuth2 password grant that issues tokens to inactive users combined with exposure of activation keys in the REST API response at /api/user/v1/accounts/. This authentication bypass enables account takeover and unauthorized access to learning platforms. The vulnerability affects all deployments from maple to before ulmo release and has been patched in the ulmo release.

Authentication Bypass Openedx Platform
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-side request forgery (SSRF) in Open edX Platform allows authenticated Enterprise Admin users to force the application server to make HTTP requests to arbitrary internal network resources, cloud metadata endpoints (AWS 169.254.169.254), or external attacker-controlled hosts via the sync_provider_data SAML configuration endpoint. The unvalidated metadata_url parameter is passed directly to requests.get() without IP filtering or URL scheme enforcement, enabling internal network reconnaissance, credential theft from cloud metadata services, and potential lateral movement. Fixed in commits 6fda1f120ff and 70a56246dd9. EPSS data not available; no confirmed active exploitation at time of analysis.

SSRF Openedx Platform
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Open edX Platform from maple release through ulmo allows unauthenticated attackers to bypass email verification by exploiting an OAuth2 password grant that issues tokens to inactive users combined with exposure of activation keys in the REST API response at /api/user/v1/accounts/. This authentication bypass enables account takeover and unauthorized access to learning platforms. The vulnerability affects all deployments from maple to before ulmo release and has been patched in the ulmo release.

Authentication Bypass Openedx Platform
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy