Information disclosure in Polarnl Polarlearn

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the plat…

Vulnerability class: Information Disclosure

EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.

Affected products

Polarnl Polarlearn — versions <= 0-PRERELEASE-15

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/polarnl/PolarLearn/security/advisories/GHSA-wcr9-mvr9-4qh5 (x_refsource_CONFIRM)
https://github.com/polarnl/PolarLearn/commit/6c276855172c7310cce0df996cb47ffe0d886741 (x_refsource_MISC)