6.5
Tronclass: Unauthorized access to courses through course invitation code
CVE-2026-2997
Summary
Tronclass, software developed by WisdomGarden, has a security weakness that allows attackers to join any course without permission. An authenticated attacker who has a course ID can modify a request parameter to obtain that course's invitation code and join a course they shouldn't be able to access. You should update to the latest version of Tronclass to fix this issue.
Original title
Tronclass developed by WisdomGarden has an Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers can modify a specific parameter to obtain a cour...
Original description
Tronclass developed by WisdomGarden has an Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers can modify a specific parameter to obtain a course invitation code, thereby joining any course.
NVD CVSS 3.1
5.4
NVD CVSS 4.0
6.5
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026