CVE-2026-30368

MEDIUM

Lightspeed Classroom 5.1.2.1763770643 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-30368. PoCs published by truekas, adminlove520.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2026-30368, exploiting a weak authentication flaw in Lightspeed Classroom management to control student devices. The exploit involves extracting a JWT token from a modified service worker and WASM module, then using it to send commands via Ably channels.

Description

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.

Exploits (2)

github WORKING POC 12 stars

by truekas · javascriptpoc

https://github.com/truekas/ls-poc

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2026-30368, exploiting a weak authentication flaw in Lightspeed Classroom management to control student devices. The exploit involves extracting a JWT token from a modified service worker and WASM module, then using it to send commands via Ably channels.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Complex

Reliability

Reliable

Target: Lightspeed Classroom Management (version 5.1.2.1763770643)

Auth required

Prerequisites: Lightspeed extension files (worker.js, classroom.wasm, manifest.json) · Node.js environment · Valid school account credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Apr 24, 2026 Full analysis →

github WORKING POC 4 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-30368

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2026-30368, targeting a weak authentication flaw in Lightspeed Classroom management. The exploit involves extracting a JWT token from a service worker and using it to send commands to student devices via Ably channels.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Complex

Reliability

Reliable

Target: Lightspeed Classroom management (version 5.1.2.1763770643)

No auth needed

Prerequisites: worker.js · classroom.wasm · manifest.json files from the Lightspeed extension · Node.js environment · Ably API key

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 15, 2026 Full analysis →

References (3)

Core 3

Core References

https://tasty-hovercraft-9b9.notion.site/Enabling-Unauthorized-Remote-Control-of-Student-Devices-with-Lightspeed-Classroom-2ec5157f5b4a800c9eefc5526479820a

https://www.incognitotgt.me/blog/lightspeed

Various Sources

https://github.com/truekas/ls-poc

Scores

CVSS v3 5.4

EPSS 0.0002

EPSS Percentile 3.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (1)

Lightspeed/Lightspeed Classroom 5.1.2.1763770643

Published Apr 24, 2026

Tracked Since Apr 24, 2026