CVE-2026-25809

EPSS 0.31%
Veröffentlicht 09.02.2026 20:58:09
Zuletzt bearbeitet 11.02.2026 19:41:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PlaciPy Code Execution Allowed Without Assessment Active State Validation

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prasklatechnology ≫ Placipy Version1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-cc32-rp29-w9x7

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-25809

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25809

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25809

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25809