CVE-2026-41588

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.

208

Observable Timing Discrepancy

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control

Potential Impacts:

Read Application Data Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/inducer/relate/commit/2f68e16cd3b96d25c1…

https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cda…

https://github.com/inducer/relate/security/advisories/GHSA-…

https://github.com/inducer/relate/security/advisories/GHSA-78j7-9xr9-2728

CVE-2026-41588

Description

Observable Timing Discrepancy

Common Consequences

Applicable Platforms

Iscriviti alla newsletter