![CVE](https://img.shields.io/badge/CVE-2026--44720-red)

# CVE-2026-44720 — Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX)

**Severity:** Moderate

**CWE:** CWE-287, CWE-347

## Summary

An authentication bypass vulnerability in OpenLearnX allowed attackers to forge JWT tokens when signature verification was disabled in certain authentication flows.

## Impact

- Unauthorized account access
- Account takeover under affected configurations
- Authentication bypass using crafted JWT tokens

## Affected

`< 2.0.3`

## Fixed

`>= 2.0.3`

## References

- https://github.com/advisories/GHSA-223g-f5mq-gw33
- https://github.com/th30d4y/OpenLearnX

## Credits

Finder: krrazee

Remediation Developer: 0x5t4l1n
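
The flaw class named in the Summary (CWE-347), shown next to a verifier that pins the algorithm and checks the HMAC before trusting any claim. This is an added example, not OpenLearnX code: HS256, the sample key and every function name are assumptions, since the advisory does not state which algorithm or library the project uses.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample secret (assumption)

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims, key=KEY):
    """Issue an HS256 token; used here to build constructed test input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def claims_without_verification(token):
    """Flawed pattern (CWE-347): reads the payload, never checks the signature."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token, key=KEY):
    """Hardened pattern: pin the algorithm and check the MAC before trusting claims."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects "none" and algorithm swaps
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

if __name__ == "__main__":
    # Constructed input: a valid token whose payload was edited after signing.
    head, _, sig = sign_hs256({"sub": "alice"}).split(".")
    edited = f"{head}.{b64url_encode(json.dumps({'sub': 'admin'}).encode())}.{sig}"
    print("flawed path accepts:", claims_without_verification(edited)["sub"])
    try:
        verify_hs256(edited)
    except ValueError as err:
        print("hardened path rejects:", err)
```

The same three negative cases (edited payload, `alg` other than the pinned one, wrong key) make a useful regression test for any authentication flow that accepts JWTs.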