CVE 8.8 HIGH

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment_CVE-2026-41900

May 7, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.

AI Analysis

Remote code execution vulnerability in OpenLearnX code execution environment

Basic Information

ID CVE-2026-41900

Source GitHub_M

Published May 8, 2026 at 03:25

Affected Product

Vendor th30d4y

Product OpenLearnX

Version < 2.0.3

Affected Versions th30d4y OpenLearnX < 2.0.3

CWE Classification

CWE-78 CWE-94 CWE-250 CWE-284 CWE-693

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor th30d4y

Product OpenLearnX

Version < 2.0.3

References

{
    "lastseen": "",
    "description": "OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3.",
    "published": "2026-05-08T03:25:50.286Z",
    "modified": "2026-05-08T03:25:50.286Z",
    "type": "cve",
    "title": "OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment",
    "source": "GitHub_M",
    "references": "https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-8h25-q488-4hxw\nhttps://github.com/th30d4y/OpenLearnX/commit/14765d7d1856d564747c55c5412e2f38feab079e\nhttps://github.com/th30d4y/OpenLearnX/releases/tag/v2.0.3-security-fix",
    "id": "CVE-2026-41900",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-94",
        "CWE-250",
        "CWE-284",
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "th30d4y OpenLearnX < 2.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenLearnX",
    "version": "< 2.0.3",
    "vendor": "th30d4y",
    "ai_description": "Remote code execution vulnerability in OpenLearnX code execution environment",
    "ai_severity": "High",
    "ai_vendor": "th30d4y",
    "ai_product": "OpenLearnX",
    "ai_version": "< 2.0.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply