2 matches found
CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-41243
OpenLearn's OpenLearn project has a vulnerability CVE-2026-41243 where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...