CVE-2026-25809 | THREATINT

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.

PUBLISHED Reserved 2026-02-05 | Published 2026-02-09 | Updated 2026-02-10 | Assigner GitHub_M

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-285: Improper Authorization

Product status

= 1.0.0

affected

References

github.com/...lacipy/security/advisories/GHSA-cc32-rp29-w9x7

cve.org (CVE-2026-25809)

nvd.nist.gov (CVE-2026-25809)

Download JSON