{“lastseen”:””,”description”:”PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST \/api\/v1\/forum\/vote`) trusts the JSON body\u2019s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `\\”x\\”`) as `direction`. Downstream (`VoteServer`) treats any non-`\\”up\\”` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.”,”published”:”2026-01-29T22:06:37.224Z”,”modified”:”2026-01-29T22:06:37.224Z”,”type”:”cve”,”title”:”PolarLearn’s unvalidated vote direction allows vote count manipulation”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/polarnl\/PolarLearn\/security\/advisories\/GHSA-ghpx-5w2p-p3qp\\nhttps:\/\/github.com\/polarnl\/PolarLearn\/commit\/e6227d94d0e53e854f6a46480db8cd1051184d41″,”id”:”CVE-2026-25126″,”bulletinFamily”:””,”cwe”:[“CWE-20″],”cvelist”:null,”sourceData”:”polarnl PolarLearn \\u003c 0-PRERELEASE-15″,”sourceHref”:””,”cvss”:{“score”:7.1,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”PolarLearn”,”version”:”\\u003c 0-PRERELEASE-15″,”vendor”:”polarnl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST \/api\/v1\/forum\/vote`) trusts the JSON body\u2019s `direction` value without…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,50,12,15,13,7,11,5],"class_list":["post-38263","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-71","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n