Critical severity9.0NVD Advisory· Published May 8, 2026· Updated May 12, 2026
CVE-2026-41588
CVE-2026-41588
Description
RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
Affected products
1Patches
12f68e16cd3b9Update baseline
1 file changed · +13 −253
.basedpyright/baseline.json+13 −253 modified@@ -3859,6 +3859,14 @@ "lineCount": 1 } }, + { + "code": "reportUnusedParameter", + "range": { + "startColumn": 21, + "endColumn": 25, + "lineCount": 1 + } + }, { "code": "reportUnknownParameterType", "range": { @@ -3915,91 +3923,19 @@ "lineCount": 1 } }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 27, - "endColumn": 34, - "lineCount": 1 - } - }, - { - "code": "reportMissingParameterType", - "range": { - "startColumn": 27, - "endColumn": 34, - "lineCount": 1 - } - }, { "code": "reportUnusedParameter", "range": { - "startColumn": 27, - "endColumn": 34, - "lineCount": 1 - } - }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 36, - "endColumn": 43, - "lineCount": 1 - } - }, - { - "code": "reportMissingParameterType", - "range": { - "startColumn": 36, - "endColumn": 43, - "lineCount": 1 - } - }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 50, - "endColumn": 55, - "lineCount": 1 - } - }, - { - "code": "reportMissingParameterType", - "range": { - "startColumn": 50, - "endColumn": 55, - "lineCount": 1 - } - }, - { - "code": "reportAttributeAccessIssue", - "range": { - "startColumn": 13, - "endColumn": 19, - "lineCount": 1 - } - }, - { - "code": "reportAttributeAccessIssue", - "range": { - "startColumn": 13, - "endColumn": 24, - "lineCount": 1 - } - }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 23, - "endColumn": 30, + "startColumn": 16, + "endColumn": 23, "lineCount": 1 } }, { - "code": "reportMissingParameterType", + "code": "reportUnknownMemberType", "range": { - "startColumn": 23, - "endColumn": 30, + "startColumn": 12, + "endColumn": 21, "lineCount": 1 } }, @@ -4835,38 +4771,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 8, - "endColumn": 25, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 15, - "endColumn": 31, - "lineCount": 1 - } - }, - { - "code": "reportUnknownVariableType", - "range": { - "startColumn": 15, - "endColumn": 40, - "lineCount": 1 - } - }, - { - "code": "reportAttributeAccessIssue", - "range": { - "startColumn": 20, - "endColumn": 31, - "lineCount": 1 - } - }, { "code": "reportUnannotatedClassAttribute", "range": { @@ -4939,54 +4843,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownParameterType", - "range": { - "startColumn": 21, - "endColumn": 28, - "lineCount": 1 - } - }, - { - "code": "reportMissingParameterType", - "range": { - "startColumn": 21, - "endColumn": 28, - "lineCount": 1 - } - }, - { - "code": "reportUnknownArgumentType", - "range": { - "startColumn": 29, - "endColumn": 36, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 7, - "endColumn": 21, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 33, - "endColumn": 45, - "lineCount": 1 - } - }, - { - "code": "reportUnknownArgumentType", - "range": { - "startColumn": 33, - "endColumn": 45, - "lineCount": 1 - } - }, { "code": "reportAttributeAccessIssue", "range": { @@ -5011,14 +4867,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 31, - "endColumn": 57, - "lineCount": 1 - } - }, { "code": "reportUnknownArgumentType", "range": { @@ -5051,30 +4899,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 28, - "endColumn": 54, - "lineCount": 1 - } - }, - { - "code": "reportUnknownArgumentType", - "range": { - "startColumn": 33, - "endColumn": 40, - "lineCount": 1 - } - }, - { - "code": "reportUnknownArgumentType", - "range": { - "startColumn": 18, - "endColumn": 25, - "lineCount": 1 - } - }, { "code": "reportUnknownParameterType", "range": { @@ -10715,14 +10539,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownVariableType", - "range": { - "startColumn": 12, - "endColumn": 28, - "lineCount": 1 - } - }, { "code": "reportUnknownVariableType", "range": { @@ -10803,14 +10619,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownVariableType", - "range": { - "startColumn": 16, - "endColumn": 32, - "lineCount": 1 - } - }, { "code": "reportUnknownVariableType", "range": { @@ -25053,22 +24861,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 8, - "endColumn": 36, - "lineCount": 1 - } - }, - { - "code": "reportUnknownArgumentType", - "range": { - "startColumn": 8, - "endColumn": 36, - "lineCount": 1 - } - }, { "code": "reportUnknownMemberType", "range": { @@ -48655,38 +48447,6 @@ "lineCount": 1 } }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 12, - "endColumn": 32, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 12, - "endColumn": 32, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 25, - "endColumn": 41, - "lineCount": 1 - } - }, - { - "code": "reportUnknownMemberType", - "range": { - "startColumn": 26, - "endColumn": 42, - "lineCount": 1 - } - }, { "code": "reportImplicitOverride", "range": {
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
4- Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationTenable Blog · May 14, 2026
- Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainTenable Blog · May 8, 2026
- Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leakThe Register Security · Apr 28, 2026
- Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster ActionRapid7 Blog · Apr 20, 2026