Unrated severityNVD Advisory· Published Feb 9, 2026· Updated Feb 10, 2026

PlaciPy Code Execution Allowed Without Assessment Active State Validation

CVE-2026-25809

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.

Affected products

Praskla-Technology/assessment-placipyv5
Range: = 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-cc32-rp29-w9x7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000