CVE-2026-41900

HIGH

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-41900. PoCs published by Christbowel.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-41900, an unauthenticated RCE vulnerability in OpenLearnX. The exploit leverages a Docker container volume mount flaw in the `execute_in_container()` function, allowing attackers to read sensitive files from `/tmp` and execute arbitrary commands.

Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.

Exploits (1)

Source: nomisec · Working PoC · 2 stars
by Christbowel · PoC
https://github.com/Christbowel/CVE-2026-41900-POC

Classification
Working PoC (100%)
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: OpenLearnX < commit 14765d7
No auth needed
Prerequisites: Docker socket access · OpenLearnX instance with vulnerable commit
Analyzed by devstral-2 on May 08, 2026

Scores

CVSS v3 8.8
EPSS 0.0013
EPSS Percentile 32.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-250 CWE-284 CWE-693 CWE-78 CWE-94
Status published
Products (2)
npm/openlearnx 0 - 2.0.3 (npm)
th30d4y/OpenLearnX < 2.0.3
Published May 08, 2026
Tracked Since May 08, 2026