High severity8.7NVD Advisory· Published May 7, 2026· Updated May 7, 2026
CVE-2026-41505
CVE-2026-41505
Description
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
7- Cyber Pioneers Ponder Past as PrologueDark Reading · May 15, 2026
- Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationTenable Blog · May 14, 2026
- Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory LeakThe Hacker News · May 10, 2026
- Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainTenable Blog · May 8, 2026
- Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leakThe Register Security · Apr 28, 2026
- Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leakThe Register Security · Apr 28, 2026
- Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster ActionRapid7 Blog · Apr 20, 2026