CVE-2026-41505

EPSS 0.26%
Veröffentlicht 07.05.2026 13:35:02
Zuletzt bearbeitet 07.05.2026 15:53:49
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

RELATE: Predictable Token Generation in auth.py and exam.py

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerinducer

≫

Produkt relate

Version < 2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.7	2.2	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://github.com/inducer/relate/security/advisories/GHSA-rvx5-95mm-p77v

https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb

https://nvd.nist.gov/vuln/detail/CVE-2026-41505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-41505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-41505

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-41505