PT-2026-23628 · Markus · Markus

Ibrah-M +1 · Published 2026-03-06 · Updated 2026-03-12 · CVE-2026-27807

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MarkUs versions prior to 2.9.4

Description

MarkUs is a web application used for submitting and grading student assignments. Versions of MarkUs before 2.9.4 allow course instructors to upload YAML files to create or update entities like assignment settings. The application parses these YAML files with aliases enabled, which can lead to issues. This issue was addressed in version 2.9.4. YAML aliases allow defining reusable parts within a YAML file, potentially leading to unintended consequences if not handled securely during parsing.

Recommendations

Update to version 2.9.4 or later.
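
The difference between parsing an upload with aliases refused and with aliases enabled can be seen with Ruby's Psych parser (Ruby is used because MarkUs is a Rails application). This is an added illustration, not MarkUs code and not the 2.9.4 patch; the sample uploads, their field names and the helpers `alias_count`, `load_upload` and `expanded_settings` are constructed for the example.

```ruby
require "yaml"

# Constructed sample uploads; the field names are made up, not MarkUs's schema.
ALIASED_UPLOAD = <<~YAML
  defaults: &d
    group_max: 2
    token_period: 1
  assignments:
    - name: A1
      settings: *d
    - name: A2
      settings: *d
YAML

PLAIN_UPLOAD = <<~YAML
  assignments:
    - name: A1
      settings:
        group_max: 2
YAML

# Count alias nodes in the parse tree. Psych.parse_stream builds only the
# syntax tree, so no alias is resolved while the upload is inspected.
def alias_count(yaml_text)
  Psych.parse_stream(yaml_text).grep(Psych::Nodes::Alias).size
end

# Parse with aliases refused. Psych raises Psych::BadAlias (its subclass
# AliasesNotEnabled on Psych 4 and later) when it meets the first alias.
def load_upload(yaml_text)
  [:ok, YAML.safe_load(yaml_text, aliases: false)]
rescue Psych::BadAlias => e
  [:rejected, e.message]
end

# Parse with aliases enabled, the behaviour the description refers to:
# every alias resolves to the anchored mapping.
def expanded_settings(yaml_text)
  YAML.safe_load(yaml_text, aliases: true)["assignments"].map { |a| a["settings"] }
end

if __FILE__ == $PROGRAM_NAME
  p alias_count(ALIASED_UPLOAD)
  p load_upload(ALIASED_UPLOAD)
  p expanded_settings(ALIASED_UPLOAD)
end
```

An upload handler that has no need for anchors can reject any file where the alias count is non-zero before building objects from it.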

Exploit

Fix

XML Entity Expansion

Weakness Enumeration

Related Identifiers

CVE-2026-27807
GHSA-M9RX-85MX-Q9H6

Affected Products

Markus