PT-2026-30921 · Unknown · Polarlearn
Jvr2022 · Published 2026-04-07 · Updated 2026-04-07 · CVE-2026-35610
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PolarLearn versions prior to 0-PRERELEASE-15
Description
PolarLearn is a learning program affected by a privilege-escalation issue. An inverted admin check in the account-management module allowed authenticated non-admin users to execute the setCustomPassword(userId, password) and deleteUser(userId) actions, while legitimate administrators were blocked. The issue stems from an incorrect conditional statement that reverses the intended access control logic.
Recommendations
Update to version 0-PRERELEASE-15 or later.
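The inverted check described above, shown beside a corrected guard and a role-by-action audit that flags the inversion in both directions. This is an added example, not PolarLearn's code: the session shape, role names, `ForbiddenError`, `makeActions` and `auditGuard` are assumptions made for illustration; only the two action names come from the advisory.

```javascript
// Illustrative only; session shape and role names are assumed, not taken from PolarLearn.
class ForbiddenError extends Error {}

// Inverted guard as the advisory describes it: admins are rejected, other logged-in users pass.
function requireAdminInverted(session) {
  if (!session) throw new ForbiddenError("not authenticated");
  if (session.role === "admin") throw new ForbiddenError("forbidden");
}

// Corrected guard: deny by default, allow only an authenticated admin.
function requireAdmin(session) {
  if (!session || session.role !== "admin") throw new ForbiddenError("forbidden");
}

// Wrap the two privileged actions named in the advisory around a given guard.
function makeActions(guard, users) {
  return {
    setCustomPassword(session, userId, password) {
      guard(session);
      users.get(userId).password = password; // a real system would store a hash
    },
    deleteUser(session, userId) {
      guard(session);
      users.delete(userId);
    },
  };
}

// Run every action as every role and return the cases that differ from policy.
function auditGuard(guard) {
  const expected = { admin: true, user: false, anonymous: false };
  const sessions = { admin: { role: "admin" }, user: { role: "user" }, anonymous: null };
  const failures = [];
  for (const [who, session] of Object.entries(sessions)) {
    for (const action of ["setCustomPassword", "deleteUser"]) {
      // Constructed fixture: one user record per trial so trials do not interfere.
      const actions = makeActions(guard, new Map([["u1", { password: "old" }]]));
      let allowed = true;
      try {
        actions[action](session, "u1", "new");
      } catch (e) {
        if (!(e instanceof ForbiddenError)) throw e;
        allowed = false;
      }
      if (allowed !== expected[who]) failures.push(`${who}:${action}`);
    }
  }
  return failures;
}
```

Checking both the "should be allowed" and "should be denied" rows matters here: a test that only confirms admins can call the actions, or only that ordinary users cannot, catches half of an inversion at best.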
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Polarlearn