PT-2026-29871 · Unknown · Open edX Platform

Dabaes · Published 2026-04-02 · Updated 2026-04-03 · CVE-2026-34736

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Open edX Platform versions maple through ulmo (exclusive)

Description

The Open edX Platform allows for the creation and delivery of online learning experiences. In releases from maple up to, but not including, ulmo, an unauthenticated attacker can bypass the email verification process. The bypass combines two behaviors: the OAuth2 password grant issues tokens to inactive users, and the REST API response at /api/user/v1/accounts/ exposes the activation key.

Recommendations

Upgrade to the ulmo release or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-34736

Affected Products

Open edX Platform