QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25885

Published: Feb 9, 2026

Modified: Feb 10, 2026

PUBLISHED

Description

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.

Vendor	Product	Versions
polarnl	PolarLearn	affected `< 0-PRERELEASE-16`

Weaknesses (CWE)

References

https://github.com/polarnl/PolarLearn/security/advisories/GHSA-gvjm-5pw7-6c8c

x_refsource_CONFIRM

https://github.com/polarnl/PolarLearn/commit/3ba588fda0d3f8e238483a20772719f27e52e79f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.