CVE-2026-25809

CRITICAL

PlaciPy 1.0.0 - Improper Authorization in Code Evaluation Endpoint

Title source: llm

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, that it has not expired, or that the submission window is currently open.

Scores

CVSS v3: 9.8
EPSS: 0.0031
EPSS Percentile: 22.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-285
Status: published
Products (1): prasklatechnology/placipy 1.0.0
Published: Feb 09, 2026
Tracked Since: Feb 18, 2026