CVE-2026-24667 | THREATINT

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user accounts. This issue has been patched in version 4.2.

PUBLISHED Reserved 2026-01-23 | Published 2026-02-03 | Updated 2026-02-03 | Assigner GitHub_M

MEDIUM: 5.0CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-613: Insufficient Session Expiration

Product status

< 4.2

affected

References

github.com/...eclass/security/advisories/GHSA-5h73-53mh-m224

cve.org (CVE-2026-24667)

nvd.nist.gov (CVE-2026-24667)

Download JSON