CVE-2026-24673

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2

Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A file upload validation bypass allows attackers to upload files with restricted extensions by including them within ZIP archives. The application then extracts these archives using its built-in decompression feature, circumventing the intended file type restrictions. The vulnerable functionality resides in the application’s file upload process and decompression functionality.

Recommendations Update to version 4.2 or later.