CVE-2026-44720— OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

AI Predicted 8.1 Difficulty: Moderate EPSS 0.03% · P11 Updated May 28, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

Vendor	Product	Version Range	Status
th30d4y	OpenLearnX	`< 2.0.4`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44720

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

Source: NVD (National Vulnerability Database)

Vulnerability Description

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

认证机制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenLearnX 数据伪造问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenLearnX是th30d4y开源的一款去中心化自适应学习与评估平台。 OpenLearnX 2.0.4之前版本存在数据伪造问题漏洞，该漏洞源于关键的身份验证漏洞，可能导致在特定条件下未授权访问用户账户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
th30d4y	OpenLearnX	< 2.0.4	-

II. Public POCs for CVE-2026-44720

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-44720

请登录查看更多情报信息。

Other References for CVE-2026-44720 (1)

🔗 Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover · Advisory · th30d4y/OpenLearnX · GitHubx_refsource_CONFIRM

https://nvd.nist.gov/vuln/detail/CVE-2026-44720

IV. Related Vulnerabilities

Same product: OpenLearnX

CVE-2026-41900
OpenLearnX has Critical Remote Code Execution Through Python

Same vendor: th30d4y

Same weakness: CWE-287

V. Comments for CVE-2026-44720

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-44720— OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-44720

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-44720

III. Intelligence Information for CVE-2026-44720

Other References for CVE-2026-44720 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-44720

Leave a comment