PT-2026-23627 · Markus · Markus

Ibrah-M

Published

2026-03-06

Updated

2026-03-12

CVE-2026-25962

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.4

Description MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries within the archive. This allowed instructors to upload zip files for assignment configurations and students to submit assignments as zip files, with the contents being extracted by the application.

Recommendations Update to version 2.9.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-409

Related Identifiers

CVE-2026-25962

GHSA-X8XV-J7FC-65X5

Affected Products

Markus

PT-2026-23627 · Markus · Markus

CVE-2026-25962

Weakness Enumeration

Related Identifiers

Affected Products

References · 6