Medium severity 5.4 · NVD Advisory · Published Apr 23, 2026 · Updated Apr 29, 2026
CVE-2026-41243
Description
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue.
Affected products: 1
Patches: 1
1 file changed · +38 −6
app/server/routers/forum.ts+38 −6 modified@@ -38,7 +38,12 @@ export const forumRouter = { createdAt: 'desc' }, include: { - author: true + author: { + select: { + id: true, + name: true + } + }, } } ) @@ -55,7 +60,12 @@ export const forumRouter = { createdAt: 'desc' }, include: { - author: true + author: { + select: { + id: true, + name: true + } + }, } } ) @@ -107,9 +117,21 @@ export const forumRouter = { include: { replies: { where: safeMode.value ? { hasBeenAdminChecked: true } : undefined, - include: { author: true } + include: { + author: { + select: { + id: true, + name: true + } + } + }, + }, + author: { + select: { + id: true, + name: true + } }, - author: true, votes: true } }) @@ -281,7 +303,12 @@ export const forumRouter = { createdAt: 'asc' }, include: { - author: true + author: { + select: { + id: true, + name: true + } + }, } }) return pendingPosts @@ -295,7 +322,12 @@ export const forumRouter = { createdAt: 'asc' }, include: { - author: true, + author: { + select: { + id: true, + name: true + } + }, post: { select: { id: true,
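Review bot: the `author: { select: { id: true, name: true } }` block added in the hunk at `@@ -38,7 +38,12 @@` is repeated verbatim in every other hunk of this file, six occurrences in total. Define the selection once as a module-level constant and reference it from each `include`, so a later query cannot quietly fall back to `author: true` and a change to the exposed fields is made in one place. The trailing comma after the `author` block, directly before the closing brace, is harmless but differs from the line it replaces.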
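Review bot: in the hunk at `@@ -107,9 +117,21 @@` the `safeMode.value ? { hasBeenAdminChecked: true } : undefined` condition is applied to `replies` only, and none of the visible lines apply an approval condition to the post being read. The advisory describes the unapproved post itself being returned to anyone who has its UUID, so confirm that the query's `where` clause, which is outside this hunk, rejects an unapproved post when safeMode is on, and add a test for that case. Separately, `votes: true` still returns full vote rows; if a vote row references a user, narrow it with a `select` in the same way as `author`.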
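Review bot: the hunk at `@@ -281,7 +303,12 @@` feeds `return pendingPosts`, a query that returns unapproved content by design, and the change here only narrows the shape of `author`. The visible lines do not show who may call this procedure, so verify it is restricted to moderators, and check that moderation views do not depend on author fields other than `id` and `name`, which are no longer returned. The same applies to the pending query in the hunk at `@@ -295,7 +322,12 @@`.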
References: 2
News mentions: 0
No linked articles in our index yet.