CVE-2026-44720

medium

Published 2026-05-13 · Modified 2026-05-27

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
npm	openlearnx	`<2.0.4`	`2.0.4`
NPM	openlearnx	`< 2.0.4`	`2.0.4`

References

https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-223g-f5mq-gw33
https://github.com/th30d4y/OpenLearnX
https://github.com/th30d4y/OpenLearnX/releases/tag/v2.0.4
https://github.com/advisories/GHSA-223g-f5mq-gw33

CWEs

CWE-287 CWE-347

Verify integrity in audit chain (admin only). AS-IS.