CVE-2026-30368 | THREATINT

Description

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices.

PUBLISHED Reserved 2026-03-04 | Published 2026-04-24 | Updated 2026-04-27 | Assigner mitre

MEDIUM: 5.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status

unknown

5.1.2.1763770643 (custom)

affected

References

tasty-hovercraft-9b9.notion.site/...5b4a800c9eefc5526479820a

www.incognitotgt.me/blog/lightspeed

cve.org (CVE-2026-30368)

nvd.nist.gov (CVE-2026-30368)

Download JSON