CVE-2026-44720 MEDIUM

CVE-2026-44720: OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

Vendor Th30D4Y
Product OpenLearnX
Weakness CWE-287 · Improper authentication
Published May 27, 2026
Last update June 2, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4.

Key dates

02 Disclosure timeline

May 27, 2026 CVE published
June 2, 2026 Record updated