What is CVE-2026-31282?

CVE-2026-31282 is a critical-severity vulnerability in N/a, classified under Improper Access Control. CVSS score: 9.8/10. Published 2026-04-13.

How severe is CVE-2026-31282?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2026-31282 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack…

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

saykino/CVE-2026-31282

References

Frequently asked questions

What is CVE-2026-31282?: CVE-2026-31282 is a critical-severity vulnerability in N/a, classified under Improper Access Control. CVSS score: 9.8/10. Published 2026-04-13.
How severe is CVE-2026-31282?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2026-31282 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.