{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/polarnl/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35610"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-35610","privilege-escalation","polarnl"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePolarLearn, a free and open-source learning program, is vulnerable to a privilege escalation flaw (CVE-2026-35610) in versions 0-PRERELEASE-14 and earlier. The vulnerability lies within the account-management module, specifically affecting the \u003ccode\u003esetCustomPassword(userId, password)\u003c/code\u003e and \u003ccode\u003edeleteUser(userId)\u003c/code\u003e functions. An inverted admin check allows authenticated non-admin users to perform these actions, while simultaneously denying legitimate administrators the same privileges. This oversight allows malicious users to gain unauthorized control over user accounts and system configurations, leading to potential data breaches or service disruption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the PolarLearn application using valid, non-admin credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the vulnerable \u003ccode\u003esetCustomPassword\u003c/code\u003e function within the account-management module.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to the \u003ccode\u003esetCustomPassword\u003c/code\u003e function, targeting the \u003ccode\u003euserId\u003c/code\u003e of an administrator account.\u003c/li\u003e\n\u003cli\u003eDue to the inverted admin check, the application incorrectly validates the attacker\u0026rsquo;s non-admin privileges as sufficient for the action.\u003c/li\u003e\n\u003cli\u003eThe application executes the \u003ccode\u003esetCustomPassword\u003c/code\u003e function, modifying the administrator\u0026rsquo;s password using the attacker\u0026rsquo;s provided value.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the PolarLearn application using the compromised administrator credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the escalated administrator privileges to access sensitive data or modify critical system settings.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker could exploit the \u003ccode\u003edeleteUser\u003c/code\u003e function, deleting administrator or other user accounts.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35610 allows unauthorized privilege escalation within PolarLearn. Non-admin users can modify administrator passwords or delete user accounts, leading to potential data breaches, service disruption, and unauthorized access to sensitive information. The vulnerability affects versions 0-PRERELEASE-14 and earlier, potentially impacting all deployments of the software within educational institutions and other organizations using PolarLearn.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PolarLearn to a patched version beyond 0-PRERELEASE-14 to remediate the vulnerability described in CVE-2026-35610.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetectPolarLearnPrivilegeEscalation\u003c/code\u003e to detect exploitation attempts by monitoring calls to the \u003ccode\u003esetCustomPassword\u003c/code\u003e function made by non-admin users.\u003c/li\u003e\n\u003cli\u003eReview and audit user permissions within PolarLearn to identify and remove any unauthorized administrator accounts created through exploitation of CVE-2026-35610.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T17:16:35Z","date_published":"2026-04-07T17:16:35Z","id":"/briefs/2026-04-polar-learn-privesc/","summary":"PolarLearn version 0-PRERELEASE-14 and earlier contains a privilege escalation vulnerability (CVE-2026-35610) in the account-management module, allowing authenticated non-admin users to execute administrative functions due to an inverted admin check.","title":"PolarLearn Privilege Escalation Vulnerability (CVE-2026-35610)","url":"https://feed.craftedsignal.io/briefs/2026-04-polar-learn-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Polarnl","version":"https://jsonfeed.org/version/1.1"}