CVE-2026-41900 · HIGH 8.8 · EPSS p55.3%

Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.91% probability of exploitation · percentile 55.3% · 2026-06-18T12:00:27Z
Published: 2026-05-08
Last modified: 2026-05-08

Underlying weaknesses · 5

CWE-78, CWE-94, CWE-250, CWE-284, CWE-693

References

  1. https://github.com/th30d4y/OpenLearnX/commit/14765d7d1856d564747c55c5412e2f38feab079e
  2. https://github.com/th30d4y/OpenLearnX/releases/tag/v2.0.3-security-fix
  3. https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-8h25-q488-4hxw

Type | Target | Confidence | Tier
Weakness | Execution with Unnecessary Privileges (cwe-250) | 0% | live
Weakness | Improper Access Control (cwe-284) | 0% | live
Weakness | Protection Mechanism Failure (cwe-693) | 0% | live
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-45479
  2. CVE-2026-30741
  3. CVE-2026-42434
  4. CVE-2026-32046
  5. CVE-2026-32048
  6. CVE-2026-27597

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.