{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41243", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T03:47:03.135Z", "datePublished": "2026-04-23T00:09:03.863Z", "dateUpdated": "2026-04-23T13:55:12.541Z"}, "containers": {"cna": {"title": "OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm"}, {"name": "https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab", "tags": ["x_refsource_MISC"], "url": "https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab"}], "affected": [{"vendor": "siemvk", "product": "OpenLearn", "versions": [{"version": "< 844b2a40a69d0c4911580fe501923f0b391313ab", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T00:09:03.863Z"}, "descriptions": [{"lang": "en", "value": "OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue."}], "source": {"advisory": "GHSA-4rv3-hfh6-vqvm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T13:54:48.062482Z", "id": "CVE-2026-41243", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T13:55:12.541Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41243", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T03:47:03.135Z", "datePublished": "2026-04-23T00:09:03.863Z", "dateUpdated": "2026-04-23T13:55:12.541Z"}, "containers": {"cna": {"title": "OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm"}, {"name": "https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab", "tags": ["x_refsource_MISC"], "url": "https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab"}], "affected": [{"vendor": "siemvk", "product": "OpenLearn", "versions": [{"version": "< 844b2a40a69d0c4911580fe501923f0b391313ab", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T00:09:03.863Z"}, "descriptions": [{"lang": "en", "value": "OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue."}], "source": {"advisory": "GHSA-4rv3-hfh6-vqvm", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41243", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T13:54:48.062482Z"}}}], "references": [{"url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T13:55:05.599Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemvk:openlearn:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2E9E54-0BCB-47E7-B3DF-8AC60B2479DB", "versionEndExcluding": "2026-04-14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue."}], "id": "CVE-2026-41243", "lastModified": "2026-04-29T15:39:33.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-23T02:16:19.040", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,844b2a40a69d0c4911580fe501923f0b391313ab)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "OpenLearn", "source": "cna", "vendor": "siemvk"}, "product": "openlearn", "vendor": "siemvk"}], "analysis": {"en": {"generated_at": "2026-04-28T15:04:15.017025+00:00", "value": {"mitigation_remediation": ["Update OpenLearn to commit\u00a0844b2a40a69d0c4911580fe501923f0b391313ab or later, which restores proper authorization checks for the direct post read endpoint. ", "Remove or restrict the route that exposes posts by UUID for unapproved content, ensuring that only authenticated and authorized users can retrieve such posts. ", "Enforce the safeMode authorization logic on all API endpoints that return post data, confirming that pending posts are inaccessible without explicit approval."], "summary": {"action": "Apply Patch", "impact": "Exposure of pending forum posts to unauthorized users"}, "threat_synthesis": {"affected_systems": "The issue affects any installation of OpenLearn running a version prior to commit\u00a0844b2a40a69d0c4911580fe501923f0b391313ab. No specific version numbers are listed, but any build incorporating the code base before this fix is vulnerable. The vendor listed in the CNA is siemvk:OpenLearn.", "description_and_impact": "OpenLearn, a community\u2011driven educational forum, had a flaw whereby posts awaiting approval were hidden from the public feed when moderation mode was active, but the direct read operation continued to return the full post content to anyone who could guess or know the post\u2019s UUID. This constitutes an unauthorized read of private data under CWE\u2011284. The result is that sensitive or confidential information inadvertently tied to a pending post could be leaked to the public or to any attacker who obtains the ID, leading to potential privacy violations and misuse of content that is not yet vetted for publication.", "risk_and_exploitability": "The CVSS score of\u00a06.9 indicates moderate severity, and the EPSS score of <\u00a01% suggests a low likelihood of exploitation in the current environment. The vulnerability is accessible remotely via the standard post\u2011retrieval endpoint and requires no authentication, implying that an attacker can easily trigger it if the post UUID is known. Although it is not flagged in the CISA KEV catalog, the lack of a broader exploitation trend does not negate the potential impact on organizations that rely on confidentiality for unapproved content."}}}}, "created": "2026-04-28T09:26:34.788018+00:00", "updated": "2026-04-28T15:15:34.200957+00:00", "vendors": ["siemvk", "siemvk$PRODUCT$openlearn"]}