Deserialization in Inducer Relate
CVE-2026-47161
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker ca…
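A defender can check a deployment for the condition described above by scanning its Celery settings for pickle. The following is an added example, not code from RELATE or from the fixing commit: it uses Celery's documented setting names (lowercase, uppercase, and the common Django `CELERY_` namespace), and the helper names and sample dictionaries are constructed for illustration.

```python
# Added example: audit Celery settings for pickle deserialization.
# Setting names are Celery's documented ones; the sample dicts are constructed.

PICKLE_NAMES = {"pickle", "application/x-python-serialize"}

# Settings that list content types a worker or client will deserialize.
ACCEPT_KEYS = ("accept_content", "result_accept_content")
# Settings that name a single serializer used when producing messages.
SERIALIZER_KEYS = ("task_serializer", "result_serializer", "event_serializer")


def _lookup(settings, key):
    """Find a setting under its lowercase name or the Django CELERY_ namespace."""
    for candidate in (key, key.upper(), "CELERY_" + key.upper()):
        if candidate in settings:
            return candidate, settings[candidate]
    return None, None


def find_pickle_settings(settings):
    """Return sorted (setting_name, reason) pairs for settings that allow pickle."""
    findings = []
    for key in ACCEPT_KEYS:
        name, value = _lookup(settings, key)
        if value is None:
            continue  # unset: Celery 4+ defaults to JSON only
        if isinstance(value, str):
            value = [value]
        bad = sorted(v for v in value if str(v).lower() in PICKLE_NAMES)
        if bad:
            findings.append((name, "accepts " + ", ".join(bad)))
    for key in SERIALIZER_KEYS:
        name, value = _lookup(settings, key)
        if value is not None and str(value).lower() in PICKLE_NAMES:
            findings.append((name, "serializes with " + str(value)))
    return sorted(findings)


# Constructed samples: a pickle-accepting configuration and a JSON-only one.
WEAK = {"CELERY_ACCEPT_CONTENT": ["pickle", "json"], "CELERY_TASK_SERIALIZER": "pickle"}
HARDENED = {"CELERY_ACCEPT_CONTENT": ["json"], "CELERY_TASK_SERIALIZER": "json",
            "CELERY_RESULT_SERIALIZER": "json"}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, find_pickle_settings(cfg) or "no pickle settings found")
```

An empty result only means the settings do not opt in to pickle; the broker itself still needs authentication and network restrictions.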
Vulnerability class: Insecure Deserialization
EPSS: 0.006 (70.1th percentile)
Affected products
- Inducer Relate — versions < d66ba5659b459bf1ba56b7109b5f9ecf197cbefb
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)