Client-Side Authorization Flaw in Lightspeed Classroom by Lightspeed Systems
CVE-2026-30368

Currently unrated

Key Information:

Vendor: Lightspeed Systems
Status: Lightspeed Classroom
Vendor: CVE Published:; 24 April 2026

🔔 Create Lightspeed Systems Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-30368?

A significant client-side authorization flaw in Lightspeed Classroom version 5.1.2.1763770643 allows unauthenticated attackers to exploit weaknesses in integrity checks. By abusing client-generated authorization tokens, these attackers can impersonate legitimate users, resulting in unauthorized control and monitoring of student devices. This vulnerability poses serious risks to the security and privacy of student interactions within the application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

ls-poc
Created by truekas

References

https://tasty-hovercraft-9b9.notion.site/Enabling-Unautho...

https://www.incognitotgt.me/blog/lightspeed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
🟡
Public PoC available
Apr 22, 2026
👾
Exploit known to exist
Apr 22, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-30368 Data

JSON