diff --git a/patches/CVE-2026-41900.md b/patches/CVE-2026-41900.md new file mode 100644 index 0000000..cf8b3d6 --- /dev/null +++ b/patches/CVE-2026-41900.md @@ -0,0 +1,28 @@ +![CVE](https://img.shields.io/badge/CVE-2026--41900-red) + +# CVE-2026-41900 — RCE via Sandbox Escape (OpenLearnX) + +**Severity:** High +**CWE:** CWE-78, CWE-94, CWE-250, CWE-284, CWE-693 + +## Summary +A sandbox escape in OpenLearnX allows Remote Code Execution via its Python execution environment. + +## Impact +- Arbitrary command execution +- Full system compromise + +## Affected +< 2.0.3 + +## Fixed +2.0.3 + +## References +- https://github.com/advisories/GHSA-8h25-q488-4hxw +- https://github.com/th30d4y/OpenLearnX/commit/14765d7 + +## Credits +Finder: krraze +Coordinator: Stalin-143 +Coordinator: harriiinnii
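Review bot: The Summary does not connect the five CWEs listed in the header (CWE-78, CWE-94, CWE-250, CWE-284, CWE-693) to anything in the one-sentence description, so a reader cannot tell which weakness sits where in the Python execution environment. Either add a short line per CWE or trim the list to the ones the fix commit actually addresses. In References, the commit link uses the abbreviated hash 14765d7; a full hash is safer in a permanent record because short hashes can become ambiguous as the repository grows. The Affected and Fixed sections give bare versions ("< 2.0.3", "2.0.3") without naming the package, and nothing tells users to upgrade to 2.0.3, so a remediation line would help. The Severity/CWE pair and the three Credits lines are written as consecutive plain lines, which Markdown will join into one paragraph if they have no hard line breaks; using list items, as Impact and References already do, avoids that.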