Description
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute both actions, while real admins were rejected. This is a direct privilege-escalation issue in the application.
Published: 2026-04-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

A flaw in PolarLearn’s account‑management module reverses the administrative check for the setCustomPassword and deleteUser functions, allowing any authenticated, non‑admin user to invoke these actions while real administrators are denied. This inversion grants ordinary users the ability to reset passwords for any account and delete users, effectively elevating their privileges to system administrators. The weakness is identified as CWE‑285: Improper Authorization.

Affected Systems

PolarLearn, the free and open‑source learning platform from polarnl, is affected in all releases up to and including 0‑PRERELEASE‑14. Versions released after 0‑PRERELEASE‑14 contain a corrected check and are no longer vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity issue. Although no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, the attack scenario is straightforward: an authenticated non‑admin user simply sends requests to the vulnerable endpoints while maintaining an active session. As a result, any user with valid credentials can acquire full administrative control, compromising all data and system integrity.

Generated by OpenCVE AI on April 7, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PolarLearn to version 0-PRERELEASE‑15 or later, where the inverted admin check has been fixed.

Generated by OpenCVE AI on April 7, 2026 at 22:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Polarlearn
Polarlearn polarlearn
CPEs cpe:2.3:a:polarlearn:polarlearn:-:*:*:*:*:*:*:*
Vendors & Products Polarlearn
Polarlearn polarlearn

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Polarnl
Polarnl polarlearn
Vendors & Products Polarnl
Polarnl polarlearn

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authenticated non-admin users were allowed to execute both actions, while real admins were rejected. This is a direct privilege-escalation issue in the application.
Title PolarLearn has a Server Action Admin Bypass in Account Management Actions
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Polarlearn Polarlearn
Polarnl Polarlearn
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T18:32:36.607Z

Reserved: 2026-04-03T21:25:12.163Z

Link: CVE-2026-35610

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T17:16:35.260

Modified: 2026-04-16T18:04:50.313

Link: CVE-2026-35610

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:47:35Z

Weaknesses