OUSL-GROUP-BrinaryBrains — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/ousl-group-brinarybrains/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 31 May 2026 05:17:54 +0000CVE-2026-10167 Improper Authentication in OUSL-GROUP-BrinaryBrains School Student Management Systemhttps://feed.craftedsignal.io/briefs/2026-05-cve-2026-10167/Sun, 31 May 2026 05:17:54 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cve-2026-10167/CVE-2026-10167 is an improper authentication vulnerability in OUSL-GROUP-BrinaryBrains School Student Management System allowing a remote attacker to manipulate the 'role' argument to bypass authentication.CVE-2026-10167 identifies an improper authentication vulnerability within the OUSL-GROUP-BrinaryBrains School Student Management System, affecting versions up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This vulnerability resides in the sign_auth_cookie function of the application/controllers/Login.php file, specifically within the MY_Controller component. A remote attacker can exploit this flaw by manipulating the role argument, leading to unauthorized access. The exploit is publicly available, increasing the risk of active exploitation. The vendor employs rolling releases, making specific affected versions difficult to pinpoint. The project has been notified of the vulnerability but has yet to respond.

Attack Chain

  1. Attacker identifies the sign_auth_cookie function within application/controllers/Login.php.
  2. Attacker crafts a malicious HTTP request targeting the vulnerable function.
  3. The HTTP request includes a manipulated role argument designed to bypass authentication checks.
  4. The server-side application processes the crafted request without proper validation of the role parameter.
  5. The application’s authentication logic incorrectly grants access based on the attacker-supplied role.
  6. The attacker gains unauthorized access to the system with elevated privileges.
  7. Attacker performs actions they are not authorized to do.
  8. Attacker potentially exfiltrates sensitive student data or modifies system settings.

Impact

Successful exploitation of CVE-2026-10167 allows unauthorized remote attackers to bypass authentication and gain elevated privileges within the OUSL-GROUP-BrinaryBrains School Student Management System. This can lead to sensitive data breaches, modification of student records, and disruption of school operations. The lack of a vendor response increases the urgency for defenders to implement mitigating controls. Given the public availability of the exploit, attacks are likely to occur.

Recommendation

  • Monitor web server logs for requests targeting application/controllers/Login.php with suspicious manipulation of the role parameter. Deploy the Sigma rule Detect Suspicious Role Parameter Manipulation to identify potential exploitation attempts.
  • Implement input validation and sanitization on the role parameter within the sign_auth_cookie function to prevent malicious manipulation.
  • Apply rate limiting to the authentication endpoint to mitigate brute-force attempts to exploit the vulnerability.
  • Consider deploying a web application firewall (WAF) rule to block requests that match the exploit pattern.
]]>highthreatcve-2026-10167improper-authenticationweb-application