Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
CVE-2026-24773
Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user identifiers. This issue has been patched in version 4.2.
Affected products
1- Range: Release_3.0, Release_3.2, Release_4.1.1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/gunet/openeclass/security/advisories/GHSA-63pm-pff4-xc9cmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.