CVE-2026-24667: CWE-613: Insufficient Session Expiration in gunet openeclass
CVE-2026-24667 is a medium-severity vulnerability in the Open eClass platform, versions prior to 4.2, where active user sessions are not invalidated after a password change. This insufficient session expiration (CWE-613) lets an attacker who already holds a valid session token keep using the account after the user sets a new password: changing the password does not end the sessions that were issued under the old one. Exploitation needs no user interaction but does need low privileges, is reachable over the network, and is rated high attack complexity; the impact on confidentiality, integrity and availability is limited. The issue is fixed in version 4.2, and no exploits are currently reported in the wild. European organizations running Open eClass should prioritize upgrading, because a password reset is the standard response to a suspected account compromise and this flaw makes that response ineffective on its own.
AI Analysis
Technical Summary
CVE-2026-24667 identifies a security weakness in the Open eClass platform, a course management system widely used in academic and training environments. The weakness is insufficient session expiration (CWE-613): user sessions created before a password change remain valid after it. An attacker who has previously obtained a valid session token (for example one left behind on a shared lab or library machine, or captured where traffic was not protected by TLS) can therefore keep using the account without re-authenticating, and the password change, which is the usual remedy for a suspected compromise, does not end the attacker's access. The vulnerability affects all versions prior to 4.2 and is exploitable over the network. The attack complexity is rated high because the flaw itself provides no way to obtain a token; the attacker must already hold one through some separate weakness or mistake. Low privileges and no user interaction are required. The CVSS 3.1 base score is 5.0 (medium); the listed metrics correspond to the vector AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L, which reflects limited but real impact on confidentiality, integrity and availability. Depending on the hijacked account, the attacker could read course and personal data, alter course content or user data, or disrupt services. The vendor addressed the issue in version 4.2 by invalidating all of a user's active sessions when the password changes, so a pre-existing token can no longer be reused. No public exploits have been reported, but any unpatched deployment remains exposed.
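The pattern described above, as an added illustration (this is not Open eClass code and the names `SessionStore`, `User`, `Session` and `demo` are hypothetical; the in-memory dicts stand in for a real session table). With `invalidate_on_password_change=False` the store reproduces the CWE-613 behaviour: a token copied before the password change keeps resolving afterwards. With `True` every session carries the `auth_version` it was issued under, the password change bumps the user's version, and stale sessions are rejected on their next request while the session that performed the change is re-issued so the legitimate user stays logged in.

```python
"""Session survival across a password change: the weak pattern beside the fix.
Added example, not Open eClass code; all names here are hypothetical."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; use argon2id/bcrypt in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    auth_version: int = 0  # incremented on every password change


@dataclass
class Session:
    user: str
    auth_version: int  # User.auth_version at the time the session was issued


class SessionStore:
    """False = CWE-613 behaviour (sessions outlive the password);
    True = hardened behaviour the 4.2 fix is described as providing."""

    def __init__(self, invalidate_on_password_change: bool) -> None:
        self.users: dict[str, User] = {}
        self.sessions: dict[str, Session] = {}
        self.invalidate_on_password_change = invalidate_on_password_change

    def register(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = User(name, salt, _hash_password(password, salt))

    def _check_password(self, user: User, password: str) -> bool:
        return hmac.compare_digest(user.pw_hash, _hash_password(password, user.salt))

    def _issue(self, user: User) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user.name, user.auth_version)
        return sid

    def login(self, name: str, password: str) -> Optional[str]:
        user = self.users.get(name)
        if user is None or not self._check_password(user, password):
            return None
        return self._issue(user)

    def authenticate(self, sid: str) -> Optional[Session]:
        """Resolve a session id; None means 'treat the request as logged out'."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        user = self.users[session.user]
        if self.invalidate_on_password_change and session.auth_version != user.auth_version:
            self.sessions.pop(sid, None)  # issued before the last password change
            return None
        return session

    def change_password(self, sid: str, old: str, new: str) -> Optional[str]:
        """Returns a fresh id for the caller, or None on failure. In hardened mode
        every other session of this user, including a stolen copy, stops resolving."""
        session = self.authenticate(sid)
        if session is None:
            return None
        user = self.users[session.user]
        if not self._check_password(user, old):
            return None
        user.salt = secrets.token_bytes(16)
        user.pw_hash = _hash_password(new, user.salt)
        if self.invalidate_on_password_change:
            user.auth_version += 1
        del self.sessions[sid]  # rotate the caller's own id as well (anti-fixation)
        return self._issue(user)


def demo(invalidate_on_password_change: bool) -> dict[str, bool]:
    """Victim logs in twice; the attacker copied the first token; the victim
    then changes the password from the second session."""
    store = SessionStore(invalidate_on_password_change)
    store.register("alice", "correct horse")
    stolen_sid = store.login("alice", "correct horse")  # token the attacker holds
    own_sid = store.login("alice", "correct horse")     # victim's own browser
    new_own_sid = store.change_password(own_sid, "correct horse", "battery staple")
    return {
        "attacker_session_still_valid": store.authenticate(stolen_sid) is not None,
        "victim_still_logged_in": new_own_sid is not None
        and store.authenticate(new_own_sid) is not None,
        "old_password_still_works": store.login("alice", "correct horse") is not None,
    }


if __name__ == "__main__":
    print("vulnerable:", demo(False))
    print("hardened:  ", demo(True))
```

Binding each session to an authentication version is cheaper than walking the session table on every password change and also covers sessions stored in a backend that cannot be enumerated per user; the check costs one comparison per request.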
Potential Impact
For European organizations, especially educational institutions and training providers relying on Open eClass, this vulnerability means that a password change does not evict an intruder who already holds a session, which undermines the most common response to a suspected account compromise. An attacker could retain access to educational records, personal data or administrative functions, leading to data exposure or manipulation of course materials. The impact on each of confidentiality, integrity and availability is rated low: data can be read, course content or user data altered, and services disrupted only within the scope of the hijacked account. Given the wide use of Open eClass in European academic sectors, an unpatched deployment exposes a sizeable user base. The absence of known exploits reduces immediate risk, but the flaw becomes relevant wherever session tokens can leak, for instance on shared or public computers, over unencrypted connections, or through other web vulnerabilities. It also weakens the platform's account security story, which matters for compliance with data protection regulations such as GDPR.
Mitigation Recommendations
European organizations should upgrade Open eClass installations to version 4.2 or later, where session invalidation on password change is implemented. After upgrading, verify the fix: log in from two browsers, change the password in one, and confirm the other is logged out on its next request. Until the upgrade is applied, reduce session lifetimes so that a stolen token survives a password change for as short a time as possible, and enforce multi-factor authentication at login to make obtaining new sessions harder (note that MFA does not help against a session that is already established). Ensure TLS is used end to end and that session cookies carry the Secure and HttpOnly flags so tokens are harder to capture. Asking users to log out manually after a password change only ends the sessions the user can reach; it cannot end an attacker's session. So when a compromise is suspected, an administrator should invalidate that user's sessions server-side by whatever means the deployment supports, such as removing the user's server-side session records. Correlate password-change events with session activity in the application and web server logs to spot sessions that continue after the change. A Web Application Firewall adds little here, since the reused token is a valid one, and should be treated as a last layer rather than a fix.
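The log-correlation check suggested above, as an added example (not an Open eClass feature). The log format and every line in `SAMPLE_LOG` are constructed for the example; the fields `user`, `sid`, `event` and `ip` are assumed, and `parse_line` should be adapted to whatever the application or reverse proxy actually emits. The rule reports any session of a user that was first seen before that user's password change, is not the session that performed the change, and still shows activity afterwards; a session first seen after the change is a normal new login and is ignored.

```python
"""Flag sessions that keep working after their owner changed password.
Added detection example; the log lines below are constructed, not real."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: alice's second session (c77e, different IP) survives her
# password change; bob's new login e999 after his change is legitimate.
SAMPLE_LOG = """\
2026-02-10T09:01:12Z user=alice sid=8f3a event=login ip=10.1.2.3
2026-02-10T09:05:40Z user=alice sid=c77e event=login ip=203.0.113.7
2026-02-10T09:20:03Z user=alice sid=8f3a event=password_change ip=10.1.2.3
2026-02-10T09:31:55Z user=alice sid=c77e event=page_view ip=203.0.113.7
2026-02-10T09:32:10Z user=alice sid=8f3a event=page_view ip=10.1.2.3
2026-02-10T10:00:00Z user=bob sid=d012 event=login ip=10.1.2.9
2026-02-10T10:02:00Z user=bob sid=d012 event=password_change ip=10.1.2.9
2026-02-10T10:05:00Z user=bob sid=d012 event=page_view ip=10.1.2.9
2026-02-10T10:06:00Z user=bob sid=e999 event=login ip=10.1.2.9
2026-02-10T10:07:00Z user=bob sid=e999 event=page_view ip=10.1.2.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str) -> dict[str, str] | None:
    """'<iso-timestamp> k=v k=v ...' -> dict, or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    if not {"user", "sid", "event"} <= fields.keys():
        return None
    fields["ts"] = m.group("ts")
    return fields


@dataclass(frozen=True)
class Finding:
    user: str
    sid: str
    ip: str
    changed_at: str
    seen_at: str


def find_sessions_surviving_password_change(log_text: str) -> list[Finding]:
    """Single pass over lines in time order. Timestamps are compared as strings,
    which is valid only because they share one format and timezone (Z)."""
    last_change: dict[str, tuple[str, str]] = {}  # user -> (ts, sid that changed it)
    first_seen: dict[tuple[str, str], str] = {}   # (user, sid) -> first ts
    reported: set[tuple[str, str]] = set()
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["user"], rec["sid"])
        first_seen.setdefault(key, rec["ts"])
        if rec["event"] == "password_change":
            last_change[rec["user"]] = (rec["ts"], rec["sid"])
            continue
        change = last_change.get(rec["user"])
        if change is None or rec["sid"] == change[1] or key in reported:
            continue
        if first_seen[key] < change[0]:  # issued before the change, active after it
            reported.add(key)
            findings.append(Finding(key[0], key[1], rec.get("ip", "?"), change[0], rec["ts"]))
    return findings


if __name__ == "__main__":
    for f in find_sessions_surviving_password_change(SAMPLE_LOG):
        print(f"{f.user}: session {f.sid} from {f.ip} active at {f.seen_at}, "
              f"password changed at {f.changed_at}")
```

On a patched 4.2 deployment this rule should produce no findings at all, which makes it a cheap regression check as well as an interim detection; on an unpatched one each finding is a session to invalidate server-side and investigate.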
Affected Countries
Greece, Germany, France, Italy, Spain, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-23T20:40:23.387Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6982fcd8f9fa50a62f76648f
Added to database: 2/4/2026, 8:01:28 AM
Last enriched: 2/11/2026, 11:56:31 AM
Last updated: 3/24/2026, 7:02:54 PM