{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:56:28.517","vulnerabilities":[{"cve":{"id":"CVE-2026-25126","sourceIdentifier":"security-advisories@github.com","published":"2026-01-29T22:15:56.423","lastModified":"2026-02-20T20:46:35.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `\"x\"`) as `direction`. Downstream (`VoteServer`) treats any non-`\"up\"` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability."},{"lang":"es","value":"PolarLearn es un programa de aprendizaje gratuito y de código abierto. Antes de la versión 0-PRERELEASE-15, la ruta de la API de votación ('POST /api/v1/forum/vote') confía en el valor 'direction' del cuerpo JSON sin validación en tiempo de ejecución. Los tipos de TypeScript no se aplican en tiempo de ejecución, por lo que un atacante puede enviar cadenas arbitrarias (por ejemplo, 'x') como 'direction'. En el flujo descendente ('VoteServer') trata cualquier valor que no sea 'up' y no sea 'null' como un voto negativo y persiste el valor inválido en 'votes_data'. Esto puede ser explotado para eludir la lógica de negocio prevista. La versión 0-PRERELEASE-15 corrige la vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:polarlearn:polarlearn:-:*:*:*:*:*:*:*","matchCriteriaId":"98DA1036-1EFB-46E7-9C83-425B1C6E6F23"}]}]}],"references":[{"url":"https://github.com/polarnl/PolarLearn/commit/e6227d94d0e53e854f6a46480db8cd1051184d41","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/polarnl/PolarLearn/security/advisories/GHSA-ghpx-5w2p-p3qp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}