Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

polarnl

Source -

CNA

BOS Name -

N/A

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2026-25885
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.05% / 16.67%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 21:15
Updated-10 Feb, 2026 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.

Action-Not Available
Vendor-polarnl
Product-PolarLearn
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-25222
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 5.29%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 23:01
Updated-04 Feb, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint, an attacker can distinguish between valid and invalid email addresses. This occurs because the server only performs the computationally expensive Argon2 password hashing if the user exists in the database. Requests for existing users take significantly longer (~650ms) than requests for non-existent users (~160ms).

Action-Not Available
Vendor-polarnl
Product-PolarLearn
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-25221
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 22:59
Updated-03 Feb, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the authentication flow. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker's account. Any data the victim then enters or academic progress they make is stored on the attacker's account, leading to data loss for the victim and information disclosure to the attacker.

Action-Not Available
Vendor-polarnl
Product-PolarLearn
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-25126
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.65%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 22:06
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PolarLearn's unvalidated vote direction allows vote count manipulation

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `"x"`) as `direction`. Downstream (`VoteServer`) treats any non-`"up"` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.

Action-Not Available
Vendor-polarnl
Product-PolarLearn
CWE ID-CWE-20
Improper Input Validation