QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25221

Back to search

CVE-2026-25221

Published: Feb 2, 2026

Modified: Feb 3, 2026

PUBLISHED

Description

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the authentication flow. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker's account. Any data the victim then enters or academic progress they make is stored on the attacker's account, leading to data loss for the victim and information disclosure to the attacker.

VendorProductVersions

polarnl

PolarLearn

affected
<= v0-PRERELEASE-15

Weaknesses (CWE)

CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now