CSRF in Polarnl Polarlearn
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to im…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.000 (4.0th percentile)
Affected products
- Polarnl Polarlearn — versions <= v0-PRERELEASE-15
Weakness classification (CWE)
References
- https://github.com/polarnl/PolarLearn/security/advisories/GHSA-fhhm-574m-7rpw (x_refsource_CONFIRM)
- https://github.com/polarnl/PolarLearn/commit/44669bbb5b647c7625f22dd82f3121c7d7bfbe19 (x_refsource_MISC)