Browse all 7 CVE security advisories affecting OpenOLAT. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28228 | OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution | OpenOLAT | CWE-1336 | 8.8 | High | 2026-03-30 |
| CVE-2026-31946 | OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow | OpenOLAT | CWE-287 | 9.8 | Critical | 2026-03-30 |
| CVE-2024-28198 | XML external entity (XXE) injection in OpenOLAT | OpenOLAT | CWE-611 | 4.6 | Medium | 2024-03-11 |
| CVE-2021-41242 | Path Traversal in some REST methods leading to file upload to arbitrary places | OpenOLAT | CWE-23 | 8.1 | High | 2021-12-10 |
| CVE-2021-41152 | Path Traversal in Folder Component Leading to Local File Inclusion | OpenOLAT | CWE-22 | 7.7 | High | 2021-10-18 |
| CVE-2021-39181 | Unsafe Deserialization of User Data Using XStream | OpenOLAT | CWE-91 | 8.8 | High | 2021-09-01 |
| CVE-2021-39180 | Path Traversal in Archive Handling Leading to Code Execution | OpenOLAT | CWE-22 | 8.1 | High | 2021-08-31 |
This page lists every published CVE security advisory associated with OpenOLAT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.