CVE-2026-24666

MEDIUM

Open eClass Platform < 4.2 - Cross-Site Request Forgery in Teacher-Restricted Endpoints

Title source: llm

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.

Scores

CVSS v3: 6.5
EPSS: 0.0015
EPSS Percentile: 4.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-352
Status: published
Products (1): gunet/open_eclass_platform < 4.2
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026