CVE-2026-24669

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and potential account takeover. This issue has been patched in version 4.2.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/gunet/openeclass/security/advisories/GHSA-gcqq-fxw6-f866	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-03 18:16

Updated : 2026-02-10 18:31

NVD link : CVE-2026-24669

Mitre link : CVE-2026-24669

CVE.ORG link : CVE-2026-24669

JSON object : View

Products Affected

gunet

open_eclass_platform

CWE

CWE-613

Insufficient Session Expiration

7.8 /10