Unrated severity · NVD Advisory · Published Feb 9, 2026 · Updated Feb 10, 2026
PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)
CVE-2026-25811
Description
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.
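The flaw described above, next to one way to close it, as an added example that is not PlaciPy's code or taken from the advisory. Every function, class and registry name is hypothetical, the domains are constructed samples, and Python is used only for illustration.

```python
# Added illustration; all names are hypothetical and not taken from PlaciPy.
from dataclasses import dataclass
from typing import Optional

# Constructed sample registry: domains an operator has verified, mapped to tenant ids.
VERIFIED_DOMAINS = {"college-a.example": "tenant-a", "college-b.example": "tenant-b"}


class TenantResolutionError(Exception):
    """Raised when an account cannot be bound to a tenant."""


def domain_of(email: str) -> str:
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise TenantResolutionError("malformed email")
    return domain.lower().rstrip(".")


def tenant_from_email_unsafe(email: str) -> str:
    """Flawed pattern: whatever domain the caller typed becomes the tenant."""
    return domain_of(email)


@dataclass
class Account:
    email: str
    email_verified: bool  # set only after the user proves control of the mailbox
    tenant_id: Optional[str] = None


def bind_tenant(account: Account) -> str:
    """Bind the tenant once, server-side, from the registry of verified domains."""
    if not account.email_verified:
        raise TenantResolutionError("email not verified")
    tenant = VERIFIED_DOMAINS.get(domain_of(account.email))
    if tenant is None:
        raise TenantResolutionError("domain not registered to any tenant")
    account.tenant_id = tenant
    return tenant


def authorize(account: Account, resource_tenant: str) -> bool:
    """Check the stored binding, never a re-parsed email string."""
    return account.tenant_id is not None and account.tenant_id == resource_tenant
```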
Affected products
- Praskla-Technology/assessment-placipy · v5 · Range: = 1.0.0
Patches
No patches discovered yet.
References
- github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3gmm-9ww2-87fh (mitre, x_refsource_CONFIRM)