CVE-2026-25811

EPSS 0.04%
Veröffentlicht 09.02.2026 21:00:38
Zuletzt bearbeitet 18.02.2026 20:30:48
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prasklatechnology ≫ Placipy Version1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3gmm-9ww2-87fh

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-25811

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25811

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25811

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25811