CVE-2026-24664

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2

Description The Open eClass platform, previously known as GUnet eClass, is a course management system susceptible to a username enumeration issue. An unauthenticated attacker can determine valid user accounts by observing variations in the login response. The /login endpoint is affected, allowing attackers to test different usernames (username) and analyze the system's response to identify active accounts.

Recommendations Update to version 4.2 or later.