Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
MarkUs allows instructors to upload malicious YAML files before version 2.9.4
CVE-2026-27807
Summary
MarkUs, a tool for grading student assignments, had a security issue that allowed instructors to upload malicious files. This could potentially harm the system. Update to version 2.9.4 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| markusproject | markus | <= 2.9.4 | – |
Original title
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e...
Original description
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4.
nvd CVSS3.1
4.9
Vulnerability type
CWE-776
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026