All 7 CVE vulnerabilities found in OpenOLAT, with AI-generated Chinese analysis, references, and POCs.
Vendor: OpenOLAT
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28228 | OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution | CWE-1336 | 8.8 | High | 2026-03-30 |
| CVE-2026-31946 | OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow | CWE-287 | 9.8 | Critical | 2026-03-30 |
| CVE-2024-28198 | XML external entity (XXE) injection in OpenOLAT | CWE-611 | 4.6 | Medium | 2024-03-11 |
| CVE-2021-41242 | Path Traversal in some REST methods leading to file upload to arbitrary places | CWE-23 | 8.1 | High | 2021-12-10 |
| CVE-2021-41152 | Path Traversal in Folder Component Leading to Local File Inclusion | CWE-22 | 7.7 | High | 2021-10-18 |
| CVE-2021-39181 | Unsafe Deserialization of User Data Using XStream | CWE-91 | 8.8 | High | 2021-09-01 |
| CVE-2021-39180 | Path Traversal in Archive Handling Leading to Code Execution | CWE-22 | 8.1 | High | 2021-08-31 |