4 matches found
CVE-2026-24900 MarkUs has a submission-view IDOR that exposes all student submissions
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...
CVE-2026-24900
An active vulnerability in MarkUs prior to version 2.9.1: the submissions/html_content endpoint accepts a select_file_id parameter that is not properly scoped to the requesting user, allowing access to arbitrary submission file contents by id. Impact is confidentiality (HIGH) without integrity/av...
PT-2026-7131
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not...
MarkUs security vulnerability
MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Version 2.9.1 of MarkUs contained a security vulnerability caused by improperly limited parameter ranges, which could allow access to arbitrary submission file contents...