0x5t4l1n/CVE
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/CVE.git synced 2026-05-26 19:26:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2026-44720.md

Browse Source
This commit is contained in:
Stalin
2026-05-08 13:14:12 +05:30
committed by GitHub
parent 594eecebf4
commit 91a2c08c8c
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
patches/CVE-2026-44720.md
+28
View File
@@ -0,0 +1,28 @@
![CVE](https://img.shields.io/badge/CVE-2026--44720-red)
# CVE-2026-44720 — Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX)
**Severity:** Moderate
**CWE:** CWE-287, CWE-347
## Summary
An authentication bypass vulnerability in OpenLearnX allowed attackers to forge JWT tokens when signature verification was disabled in certain authentication flows.
## Impact
- Unauthorized account access
- Account takeover under affected configurations
- Authentication bypass using crafted JWT tokens
## Affected
< 2.0.3
## Fixed
>= 2.0.3
## References
- https://github.com/advisories/GHSA-223g-f5mq-gw33
- https://github.com/th30d4y/OpenLearnX
## Credits
Finder: krrazee
Remediation Developer: 0x5t4l1n