VYPR
Unrated severityNVD Advisory· Published Feb 9, 2026· Updated Feb 10, 2026

PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)

CVE-2026-25811

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Affected products

2
  • PlaciPy/PlaciPyllm-create
    Range: =1.0.0
  • Praskla-Technology/assessment-placipyv5
    Range: = 1.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.