Auth bypass in Polarnl Polarlearn

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by p…

EPSS: 0.001 (17.9th percentile) — read the EPSS interpretation.

Affected products

Polarnl Polarlearn — versions < 0-PRERELEASE-16

Weakness classification (CWE)

References

https://github.com/polarnl/PolarLearn/security/advisories/GHSA-gvjm-5pw7-6c8c (x_refsource_CONFIRM)
https://github.com/polarnl/PolarLearn/commit/3ba588fda0d3f8e238483a20772719f27e52e79f (x_refsource_MISC)