Vulnerability in OpenLearn Forum Software Affects User Privacy
CVE-2026-41243

6.9 MEDIUM

Key Information:

Vendor: Siemvk

Status
Vendor

CVE Published: 23 April 2026

What is CVE-2026-41243?

OpenLearn is open-source educational forum software. Before the fix, unapproved forum posts, which are meant to be hidden from public view when 'safeMode' is enabled, could still be accessed directly using the post UUID. Unauthorized users could therefore read private posts, which breaks the confidentiality the platform is supposed to give user content. The vulnerability was addressed in a commit that ensures unapproved posts remain inaccessible even if their UUID is known.
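
The flaw class described above, as an added sketch that is not OpenLearn's code: a listing that honours the approval filter beside a direct-by-UUID lookup that skips it, and a lookup that reuses the same rule. The `Forum` and `Post` classes, the method names, and the assumption that authors and moderators may still read pending posts are all hypothetical.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class Post:
    author: str
    body: str
    approved: bool = False
    id: str = field(default_factory=lambda: str(uuid.uuid4()))

class Forum:
    """Hypothetical in-memory forum; names are illustrative, not OpenLearn's."""

    def __init__(self, safe_mode):
        self.safe_mode = safe_mode
        self.posts = {}

    def add(self, post):
        self.posts[post.id] = post
        return post

    def _visible(self, post, viewer=None, moderator=False):
        # One visibility rule shared by every read path.
        # Assumption: authors and moderators may still see pending posts.
        if not self.safe_mode or post.approved:
            return True
        return moderator or (viewer is not None and viewer == post.author)

    def list_posts(self, viewer=None, moderator=False):
        return [p for p in self.posts.values() if self._visible(p, viewer, moderator)]

    def get_post_vulnerable(self, post_id, viewer=None, moderator=False):
        # Flawed pattern: the listing is filtered, the direct lookup is not.
        return self.posts.get(post_id)

    def get_post_fixed(self, post_id, viewer=None, moderator=False):
        # Same rule as the listing. Hidden and missing both yield None
        # (map to 404) so a response never confirms a pending UUID.
        post = self.posts.get(post_id)
        if post is None or not self._visible(post, viewer, moderator):
            return None
        return post

# Constructed sample data, not taken from any real forum.
forum = Forum(safe_mode=True)
public = forum.add(Post("alice", "Welcome to the course", approved=True))
pending = forum.add(Post("bob", "Awaiting moderator review"))
```

A regression test for this class of bug should request every unapproved post by its identifier as an anonymous user and expect the same response as for a nonexistent identifier.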

Affected Version(s)

OpenLearn < 844b2a40a69d0c4911580fe501923f0b391313ab

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved