Description
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.
Published: 2026-02-09
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Write to Group Chats
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in the PolarLearn group chat WebSocket, which can be accessed without authentication. An unauthenticated client can subscribe to any group chat by providing its UUID and can also post messages to that group. These messages are accepted by the server and stored in the chatContent field, making the issue a data integrity and potential misinformation problem rather than just a visual spam issue. The weakness maps to CWE-285 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function).

Affected Systems

polarnl PolarLearn versions 0‑PRERELEASE‑16 and earlier are affected.

Risk and Exploitability

The CVSS score of 10 indicates critical severity, while the EPSS score of less than 1% suggests that zero‑day exploitation is currently unlikely but still a risk. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote: any client with network access to wss://polarlearn.nl/api/v1/ws can open a WebSocket connection, provide a group UUID to subscribe, and then send arbitrary messages. No credentials are required, and the server stores those messages, resulting in persistent data tampering.

Generated by OpenCVE AI on April 17, 2026 at 21:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PolarLearn to version 0‑PRERELEASE‑17 or later where the WebSocket endpoint requires authentication.
  • If an upgrade cannot occur immediately, block external access to the WebSocket endpoint with a firewall or reverse proxy, allowing only trusted internal hosts to connect.
  • Configure the server to log and alert on anomalous message traffic and periodically review group chatContent for integrity.

Generated by OpenCVE AI on April 17, 2026 at 21:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Polarlearn
Polarlearn polarlearn
CPEs cpe:2.3:a:polarlearn:polarlearn:-:*:*:*:*:*:*:*
Vendors & Products Polarlearn
Polarlearn polarlearn
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Polarnl
Polarnl polarlearn
Vendors & Products Polarnl
Polarnl polarlearn

Mon, 09 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
Description PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.
Title PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats
Weaknesses CWE-285
CWE-306
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L'}

Subscriptions

Polarlearn Polarlearn
Polarnl Polarlearn
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T15:58:03.240Z

Reserved: 2026-02-06T21:08:39.129Z

Link: CVE-2026-25885

cve-icon Vulnrichment

Updated: 2026-02-10T15:39:33.292Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-09T22:16:03.583

Modified: 2026-02-20T20:47:36.330

Link: CVE-2026-25885

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:15:27Z

Weaknesses