mirror of
https://github.com/0x5t4l1n/CVE.git
synced 2026-05-26 11:25:49 +00:00
Stalin
29 lines
617 B
Markdown
29 lines
617 B
Markdown
|
|
|
|
# CVE-2026-41900 — RCE via Sandbox Escape (OpenLearnX)
|
|
|
|
**Severity:** High
|
|
**CWE:** CWE-78, CWE-94, CWE-250, CWE-284, CWE-693
|
|
|
|
## Summary
|
|
A sandbox escape in OpenLearnX allows Remote Code Execution via its Python execution environment.
|
|
|
|
## Impact
|
|
- Arbitrary command execution
|
|
- Full system compromise
|
|
|
|
## Affected
|
|
< 2.0.3
|
|
|
|
## Fixed
|
|
2.0.3
|
|
|
|
## References
|
|
- https://github.com/advisories/GHSA-8h25-q488-4hxw
|
|
- https://github.com/th30d4y/OpenLearnX/commit/14765d7
|
|
|
|
## Credits
|
|
Finder: krraze
|
|
Coordinator: Stalin-143
|
|
Coordinator: harriiinnii
|