CVE-2026-25811 | THREATINT

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

PUBLISHED Reserved 2026-02-05 | Published 2026-02-09 | Updated 2026-02-10 | Assigner GitHub_M

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-863: Incorrect Authorization

Product status

= 1.0.0

affected

References

github.com/...lacipy/security/advisories/GHSA-3gmm-9ww2-87fh

cve.org (CVE-2026-25811)

nvd.nist.gov (CVE-2026-25811)

Download JSON