Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
CVE-2026-24773
Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user identifiers. This issue has been patched in version 4.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: Release_3.0, Release_3.2, Release_4.1.1, …
- Range: <4.2
Patches
Vulnerability mechanics
References
1- github.com/gunet/openeclass/security/advisories/GHSA-63pm-pff4-xc9cmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.