From 91a2c08c8ca6f9f716da12c6f0989519079d32ef Mon Sep 17 00:00:00 2001 From: Stalin <161853795+0x5t4l1n@users.noreply.github.com> Date: Fri, 8 May 2026 13:14:12 +0530 Subject: [PATCH] Create CVE-2026-44720.md --- patches/CVE-2026-44720.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 patches/CVE-2026-44720.md diff --git a/patches/CVE-2026-44720.md b/patches/CVE-2026-44720.md new file mode 100644 index 0000000..8e6f019 --- /dev/null +++ b/patches/CVE-2026-44720.md @@ -0,0 +1,28 @@ +![CVE](https://img.shields.io/badge/CVE-2026--44720-red) + +# CVE-2026-44720 — Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX) + +**Severity:** Moderate +**CWE:** CWE-287, CWE-347 + +## Summary +An authentication bypass vulnerability in OpenLearnX allowed attackers to forge JWT tokens when signature verification was disabled in certain authentication flows. + +## Impact +- Unauthorized account access +- Account takeover under affected configurations +- Authentication bypass using crafted JWT tokens + +## Affected +< 2.0.3 + +## Fixed +>= 2.0.3 + +## References +- https://github.com/advisories/GHSA-223g-f5mq-gw33 +- https://github.com/th30d4y/OpenLearnX + +## Credits +Finder: krrazee +Remediation Developer: 0x5t4l1n
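Review bot: Under "## Fixed", the line `>= 2.0.3` begins with `>`, which Markdown renders as a blockquote containing "= 2.0.3", so the fixed version will display incorrectly. Wrap both ranges in backticks (`< 2.0.3` and `>= 2.0.3`) or spell them out, for example "2.0.3 and later". The Summary and Impact sections say "certain authentication flows" and "affected configurations" without naming them, so a reader cannot tell from this file whether a given deployment is exposed. Name the flow or setting in which signature verification was disabled. There is also no remediation section: add an explicit "upgrade to 2.0.3 or later" line and a link to the fixing commit or release, since the file is created under patches/ but contains only advisory text and no reference to the actual fix.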