CVE-2026-25126
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (POST /api/v1/forum/vote) trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., "x") as direction. Downstream (VoteServer) treats any non-"up" and non-null value as a downvote and persists the invalid value in votes_data. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| polarnl | PolarLearn | < 0-PRERELEASE-15 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/polarnl/PolarLearn/security/advisories/GHSA-ghpx-5w2p-p3qp
- https://github.com/polarnl/PolarLearn/commit/e6227d94d0e53e854f6a46480db8cd1051184d41
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.