Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions
CVE-2026-24666
Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: Release_3.0, Release_3.2, Release_4.1.1, …
- Range: <4.2
Patches
Vulnerability mechanics
References
1- github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.