CVE-2026-30368 MEDIUM

CVE-2026-30368

Vendor Lightspeed

Product Lightspeed Classroom

Weakness CWE-863 · Incorrect authorization

Published April 24, 2026

Last update April 27, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.

Key dates

02Disclosure timeline

April 24, 2026 CVE published

April 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-30368

Related vulnerabilities

04Related CVE

CVE-2026-21896 Kirby is missing permission checks in the content changes API CVE-2022-30309 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability CVE-2020-15163 Invalid root may become trusted root in The Update Framework (TUF) CVE-2026-33251 Discourse has a Hidden Solved topics permission bypass CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving