10.0

CVE-2026-41900: OpenLearnX Can Run Malicious Code on Its Servers

GHSA-8h25-q488-4hxw CVE-2026-41900
Summary

OpenLearnX's code execution environment has a critical flaw that could allow an attacker to run malicious code on the server, potentially leading to unauthorized access or data breaches. This issue has been fixed, so you should update your OpenLearnX installation to the latest version. It's recommended to verify the update was successful and test the environment to ensure it's secure.

What to do
  • Update w4nn4d13 openlearnx to version 2.0.3.
  • Update openlearnx to version 2.0.3.
Affected software
Ecosystem Vendor Product Affected versions
npm w4nn4d13 openlearnx < 2.0.3
Fix: upgrade to 2.0.3
npm openlearnx < 2.0.3
Fix: upgrade to 2.0.3
th30d4y openlearnx 2.0.1
cpe:2.3:a:th30d4y:openlearnx:2.0.1:*:*:*:*:node.js:*:*
Original title
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution env...
Original description
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.
ghsa CVSS3.1 8.8
Vulnerability type
CWE-78 OS Command Injection
CWE-94 Code Injection
CWE-250
CWE-284 Improper Access Control
CWE-693 Protection Mechanism Failure
Published: 8 May 2026 · Updated: 31 May 2026 · First seen: 23 Apr 2026