CVE-2026-41900
HIGHOpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
Title source: cnaExploitation Summary
EIP tracks 2 public exploits for CVE-2026-41900. PoCs published by adminlove520, Christbowel.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-41900, targeting OpenLearnX's unauthenticated RCE via container volume mount. The exploit leverages a directory traversal vulnerability to access /tmp, enabling secret leakage and root container execution.
Description
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.
Exploits (2)
This repository contains a functional exploit for CVE-2026-41900, targeting OpenLearnX's unauthenticated RCE via container volume mount. The exploit leverages a directory traversal vulnerability to access /tmp, enabling secret leakage and root container execution.
This repository contains a functional exploit for CVE-2026-41900, an unauthenticated RCE vulnerability in OpenLearnX. The exploit leverages a Docker container volume mount flaw in the `execute_in_container()` function, allowing attackers to read sensitive files from `/tmp` and execute arbitrary commands.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H