CVE-2026-25811 · CRITICAL 9.1 · EPSS p18.3%

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.27% probability of exploitation · percentile 18.3% · 2026-06-18T12:00:27Z
Published: 2026-02-09
Last modified: 2026-02-18

Underlying weaknesses · 1

CWE-863

References

  1. https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3gmm-9ww2-87fh

Type | Target | Confidence | Tier
Weakness | Incorrect Authorization (cwe-863) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-25812
CVE: CVE-2026-25753
CVE: CVE-2026-25810
CVE: CVE-2026-25875
CVE: CVE-2026-25809
CVE: CVE-2026-25876

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.