CVE-2026-25885

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Name of the Vulnerable Software and Affected Versions PolarLearn versions prior to 0-PRERELEASE-16

Description PolarLearn is a free and open-source learning program. The group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without authentication. An unauthenticated client can subscribe to any group chat by providing a group UUID and send messages to any group. The server accepts and stores these messages in the group’s chatContent.

Recommendations Update PolarLearn to version 0-PRERELEASE-16 or later.

Exploit

Fix

Missing Authentication

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-285

Related Identifiers

CVE-2026-25885

GHSA-GVJM-5PW7-6C8C

Affected Products

Polarlearn

CVE-2026-25885

Weakness Enumeration

Related Identifiers

Affected Products

References · 8