mirror of
https://github.com/0x5t4l1n/CVE.git
synced 2026-05-26 11:25:49 +00:00
Stalin
29 lines
749 B
Markdown
29 lines
749 B
Markdown
|
|
|
|
# CVE-2026-44720 — Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX)
|
|
|
|
**Severity:** Moderate
|
|
**CWE:** CWE-287, CWE-347
|
|
|
|
## Summary
|
|
An authentication bypass vulnerability in OpenLearnX allowed attackers to forge JWT tokens when signature verification was disabled in certain authentication flows.
|
|
|
|
## Impact
|
|
- Unauthorized account access
|
|
- Account takeover under affected configurations
|
|
- Authentication bypass using crafted JWT tokens
|
|
|
|
## Affected
|
|
< 2.0.3
|
|
|
|
## Fixed
|
|
>= 2.0.3
|
|
|
|
## References
|
|
- https://github.com/advisories/GHSA-223g-f5mq-gw33
|
|
- https://github.com/th30d4y/OpenLearnX
|
|
|
|
## Credits
|
|
Finder: krrazee
|
|
Remediation Developer: 0x5t4l1n
|