CVE-2026-41243: CWE-284: Improper Access Control in siemvk OpenLearn
CVE-2026-41243 is an improper access control vulnerability in the open-source forum software OpenLearn by siemvk. Before a specific code commit (844b2a40a69d0c4911580fe501923f0b391313ab), when safeMode was enabled, unapproved forum posts were hidden from public listings but could still be accessed directly by anyone with the post UUID. This allowed unauthorized users to read posts that should have been restricted. The issue was fixed in the referenced commit.
AI Analysis
Technical Summary
OpenLearn versions prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab contain an improper access control vulnerability (CWE-284). When safeMode is enabled, unapproved posts are hidden from public lists but remain accessible via direct post-read requests using the post UUID. This flaw allows unauthorized users to bypass intended visibility restrictions and read unapproved content. The vulnerability is resolved by the specified commit which corrects the access control logic.
Potential Impact
Unauthorized users can access unapproved forum posts by directly requesting them with the post UUID, bypassing the intended restriction that hides these posts from public listings. This could lead to unintended disclosure of sensitive or restricted content. There are no known exploits in the wild. The CVSS 4.0 base score is 6.9, indicating a medium severity impact with network attack vector, no privileges or user interaction required, and low to limited confidentiality and integrity impact.
Mitigation Recommendations
The vulnerability is fixed in commit 844b2a40a69d0c4911580fe501923f0b391313ab. Users of OpenLearn should update to this commit or a later version that includes this fix. No official vendor advisory or patch link is provided, so users should verify the fix in the project repository. Patch status is not yet confirmed by a vendor advisory; check the OpenLearn project repository for the latest remediation guidance.
CVE-2026-41243: CWE-284: Improper Access Control in siemvk OpenLearn
Description
CVE-2026-41243 is an improper access control vulnerability in the open-source forum software OpenLearn by siemvk. Before a specific code commit (844b2a40a69d0c4911580fe501923f0b391313ab), when safeMode was enabled, unapproved forum posts were hidden from public listings but could still be accessed directly by anyone with the post UUID. This allowed unauthorized users to read posts that should have been restricted. The issue was fixed in the referenced commit.
CVSS v4.0
Score 6.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenLearn versions prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab contain an improper access control vulnerability (CWE-284). When safeMode is enabled, unapproved posts are hidden from public lists but remain accessible via direct post-read requests using the post UUID. This flaw allows unauthorized users to bypass intended visibility restrictions and read unapproved content. The vulnerability is resolved by the specified commit which corrects the access control logic.
Potential Impact
Unauthorized users can access unapproved forum posts by directly requesting them with the post UUID, bypassing the intended restriction that hides these posts from public listings. This could lead to unintended disclosure of sensitive or restricted content. There are no known exploits in the wild. The CVSS 4.0 base score is 6.9, indicating a medium severity impact with network attack vector, no privileges or user interaction required, and low to limited confidentiality and integrity impact.
Mitigation Recommendations
The vulnerability is fixed in commit 844b2a40a69d0c4911580fe501923f0b391313ab. Users of OpenLearn should update to this commit or a later version that includes this fix. No official vendor advisory or patch link is provided, so users should verify the fix in the project repository. Patch status is not yet confirmed by a vendor advisory; check the OpenLearn project repository for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-18T03:47:03.135Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e9707c87115cfb6852214a
Added to database: 4/23/2026, 1:06:04 AM
Last enriched: 4/30/2026, 8:13:57 AM
Last updated: 6/6/2026, 5:11:18 AM
Views: 72
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.