PT-2026-7131 · Markus · Markus

Ibrah-M +2 · Published 2026-02-09 · Updated 2026-02-09 · CVE-2026-24900

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
MarkUs versions prior to 2.9.1

Description
MarkUs is a web application used for submitting and grading student assignments. The select_file_id parameter of the "courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content" endpoint was not properly restricted to the user making the request. This allowed users to access submission file contents by ID without authorization. The vulnerable parameter is select_file_id.

Recommendations
Upgrade to version 2.9.1 or later.

Exploit

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-24900
GHSA-56GH-8HMQ-7Q88

Affected Products

Markus