6 matches found
CVE-2026-31946
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
EUVD-2026-17207
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946 OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946 OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
PT-2026-29122
Name of the Vulnerable Software and Affected Versions OpenOlat versions 10.5.4 through 20.2.4 Description OpenOlat is a web-based e-learning platform. The OpenID Connect implicit flow implementation does not verify JSON Web Token JWT signatures. The JSONWebToken.parse method discards the signatur...